Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How I can avoid requesting Basic Authentication when HTTP method is OPTIONS on Apache .htaccess?

I am using HTTP basic authentication (username & password) in a site including API endpoints hosted in Apache, I am doing something like this on .htaccess:

AuthType Basic 
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
Require user rbowen

Since I am consuming the API from browser side in a page hosted on another domain (the CORS part is already solved), I need to allow certain requests UNauthenticated. These requests are the request which method is "OPTIONS", (preflight as explained here: http://www.w3.org/TR/cors/#resource-preflight-requests), Please, i dont need any info about ajax or any other thing on the browser, I need to know how to do this on apache

Thanks in advance

like image 799
dseminara Avatar asked May 12 '14 20:05

dseminara


1 Answers

You can use mod_setenvif here.

SetEnvIfNoCase Request_Method OPTIONS allowed

AuthType Basic 
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
Require user rbowen
Order deny,allow
Deny from all
Allow from env=allowed
Satisfy any
like image 92
anubhava Avatar answered Oct 29 '22 07:10

anubhava