
.htaccess password-protected website requires password at every page reload on iPad

I use .htaccess to protect a website with a password.

If I use HTML5 audio elements on that website, my iPad requires the website password at each reload, although it's saved in the browser.

Only on iPad. Not rooted, all original iOS. Tested with Chrome and Safari on iPad, always the same.

If there is no audio element on the page, it doesn't require the password.

This doesn't happen on an Android Tablet or Firefox in Windows.

What can I program to prevent the iPad from asking for the password?

I use the following code from this website.

<!DOCTYPE HTML>
<html>
<head>
<title>Audio</title>
</head>
<body>

<script>
function play(){
var audio = document.getElementById("audio");
audio.play();
}
</script>

<input type="button" value="PLAY"  onclick="play()">
<audio id="audio" src="./207.wav"></audio>
</body>
</html>

The .htaccess:

AuthType Basic
AuthName name123
AuthUserFile /somepath/.htpasswd
require valid-user
SetEnv no-gzip
ExpiresActive On
ExpiresDefault "access plus 1 seconds"
ExpiresByType text/html "access plus 1 seconds"
AddDefaultCharset UTF-8
Roman asked Jan 02 '17 13:01



1 Answers

It is a very old problem. The Safari browser disables sending auth params when doing something automatically: a redirect with 301-302 HTTP codes or loading a media file. Looks like this is a security issue: Safari doesn't allow access to a file loaded automatically.

Let's check it with server logs (I've added an image to the page):

GET /t/i.jpg HTTP/1.0" 200 images are loaded great.

GET /t/207.wav HTTP/1.0" 401 audio is not loaded, prompt is shown.

So it is the audio file that forces the auth prompt to show. There is a workaround, but it is not secure enough.

UPD. The following code shows a 200 response for the first access (img tag) to 207.wav and a 401 for the second (audio tag).

<img src="./207.wav" width=200><br>
<audio id="audio" src="./207.wav"></audio>

217.118.81.250 - ivan [11/Feb/2017:20:32:13 +0300] "GET /t/207.wav HTTP/1.0" 200 ... Safari/602.1"
217.118.81.250 - - [11/Feb/2017:20:32:15 +0300] "GET /t/207.wav HTTP/1.0" 401 ... Safari/602.1"
shukshin.ivan answered Sep 30 '22 06:09
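The log pattern from the answer (an authenticated request followed by a 401 with no user name from the same address) can be searched for in an Apache access log to see which clients and files are affected. This is an added example, not part of the original answer; the sample log lines, the 30-second window and the function name `find_dropped_auth` are assumptions.

```python
import re
from datetime import datetime, timedelta

# Apache common/combined log prefix: ip ident user [time] "METHOD path proto" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (not from the page); 203.0.113.0/24 is a documentation range.
SAMPLE_LOG = """\
203.0.113.7 - alice [11/Feb/2017:20:32:13 +0300] "GET /t/index.html HTTP/1.1" 200 412
203.0.113.7 - alice [11/Feb/2017:20:32:13 +0300] "GET /t/i.jpg HTTP/1.1" 200 5120
203.0.113.7 - - [11/Feb/2017:20:32:15 +0300] "GET /t/207.wav HTTP/1.1" 401 381
203.0.113.9 - - [11/Feb/2017:20:40:00 +0300] "GET /t/index.html HTTP/1.1" 401 381
203.0.113.9 - bob [11/Feb/2017:20:40:05 +0300] "GET /t/index.html HTTP/1.1" 200 412
""".splitlines()


def find_dropped_auth(lines, window=timedelta(seconds=30)):
    """Return (ip, user, path, gap_seconds) for each 401 without a user name that
    follows an authenticated 2xx/3xx request from the same IP within `window`."""
    last_ok = {}   # ip -> (user, timestamp) of the latest authenticated success
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in common/combined format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, user, status = m["ip"], m["user"], int(m["status"])
        if user != "-" and 200 <= status < 400:
            last_ok[ip] = (user, ts)
        elif user == "-" and status == 401 and ip in last_ok:
            ok_user, ok_ts = last_ok[ip]
            gap = ts - ok_ts
            if timedelta(0) <= gap <= window:
                findings.append((ip, ok_user, m["path"], gap.total_seconds()))
    return findings


if __name__ == "__main__":
    for ip, user, path, gap in find_dropped_auth(SAMPLE_LOG):
        print(f"{ip} ({user}): {path} got 401 {gap:.0f}s after an authenticated request")
```

The ordinary first-visit challenge (a 401 before any authenticated request, as for the second address in the sample) is not reported. Clients behind a shared NAT address can produce false matches, so compare the User-Agent field before drawing conclusions.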