I am using HTTP basic authentication (username & password) in a site including API endpoints hosted in Apache, I am doing something like this on .htaccess:
AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
Require user rbowen
Since I am consuming the API from browser side in a page hosted on another domain (the CORS part is already solved), I need to allow certain requests UNauthenticated. These requests are the request which method is "OPTIONS", (preflight as explained here: http://www.w3.org/TR/cors/#resource-preflight-requests), Please, i dont need any info about ajax or any other thing on the browser, I need to know how to do this on apache
Thanks in advance
You can use mod_setenvif
here.
SetEnvIfNoCase Request_Method OPTIONS allowed
AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
Require user rbowen
Order deny,allow
Deny from all
Allow from env=allowed
Satisfy any
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With