Safari overwrites Authorization header with Basic auth

Open lukas-pierce opened this issue 3 years ago • 3 comments

There is a problem when working together with the nuxt-basic-auth-module (HTTP Basic Auth). I want the site to be password protected from outside visitors, and there is also user authorization using the nuxt auth module. When launched in Safari, after passing basic authorization, the Basic authorization header is subsequently always added to all XHR requests, and it overwrites the Authorization header that carries the bearer token.

Version

  • @nuxtjs/auth-next: 5.0.0-1613647907.37b1156
  • nuxt: 2.15.3
  • nuxt-basic-auth-module: 1.4.1

Nuxt configuration

mode:

  • [x] universal

  auth: {
    redirect: {
      login: '/login',
      logout: '/',
      callback: '/login',
      home: '/'
    },
    watchLoggedIn: false,
    strategies: {
      local: {
        user: {
          property: false
        },
        endpoints: {
          login: { url: '/auth/login', method: 'post' },
          user: { url: '/auth/user', method: 'get' },
          logout: { url: '/auth/logout', method: 'post' },
        }
      }
    },
  },
  // http basic auth https://www.npmjs.com/package/nuxt-basic-auth-module
  basic: {
    name: process.env.HTTP_BASIC_USERNAME,
    pass: process.env.HTTP_BASIC_PASSWORD,
    enabled: process.env.HTTP_BASIC_AUTH_ENABLED === 'true',
  },

Reproduction

Install two modules, nuxt-auth and nuxt-basic-auth-module, and launch in Safari. After passing Basic auth, Safari will pass the Basic authorization header with each ajax request, but Chrome doesn't behave like that. I think the problem is not related to the nuxt-basic-auth-module: even if you set up Basic Auth for the site in another way (Apache or nginx), the problem with Safari overwriting the header will still be there.

Checklist

  • [x] I have tested with the latest Nuxt version and the issue still occurs
  • [x] I have tested with the latest module version and the issue still occurs
  • [x] I have searched the issue tracker and this issue hasn't been reported yet

lukas-pierce avatar Mar 20 '22 12:03 lukas-pierce

Confirm. Having the same issue.

eyecatchup avatar May 10 '22 10:05 eyecatchup

Did you report this to Apple?

martinrode avatar Oct 20 '22 16:10 martinrode

I believe Apple knows about this issue, but they do anything with this. As a workaround, your backend can implement support for a custom authorization header.

smenshikov avatar Feb 22 '23 10:02 smenshikov
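
One way a backend could implement the custom-header workaround suggested in the last comment, as an added example that is not code from the issue or from either module. The header name `X-App-Authorization` and the `verifyToken` callback are assumptions; on the client, the local scheme's `token.name` option in `@nuxtjs/auth-next` would be set to the same header name.

```javascript
// Added example. Assumed custom header name (not from the issue); Node lower-cases
// incoming header names, so the constant is lower-case too.
const CUSTOM_HEADER = 'x-app-authorization';

// Split "<scheme> <credentials>"; returns null for missing or malformed values.
function parseAuthHeader(value) {
  if (typeof value !== 'string') return null;
  const m = /^([A-Za-z][A-Za-z0-9._~+-]*) +(\S+)$/.exec(value.trim());
  return m ? { scheme: m[1].toLowerCase(), credentials: m[2] } : null;
}

// Look for a bearer token in the custom header first, then in Authorization.
// An Authorization header holding Basic credentials (the Safari case from the
// issue) is skipped, never interpreted as an application token.
function extractBearerToken(headers) {
  for (const name of [CUSTOM_HEADER, 'authorization']) {
    const parsed = parseAuthHeader(headers[name]);
    if (parsed && parsed.scheme === 'bearer') {
      return { token: parsed.credentials, source: name };
    }
  }
  return null;
}

// Express/connect-style middleware. verifyToken is a hypothetical callback
// returning a user object for a valid token and null otherwise.
function bearerAuth(verifyToken) {
  return (req, res, next) => {
    const found = extractBearerToken(req.headers);
    const user = found ? verifyToken(found.token) : null;
    if (!user) {
      res.statusCode = 401; // fail closed: no token, or token rejected
      return res.end();
    }
    req.user = user;
    next();
  };
}

// Constructed sample request, shaped like what Safari sends after the Basic prompt.
const safariHeaders = {
  authorization: 'Basic dXNlcjpwYXNz',
  'x-app-authorization': 'Bearer abc.def.ghi',
};
console.log(extractBearerToken(safariHeaders));
```

For cross-origin API calls the custom header also has to be listed in the API's `Access-Control-Allow-Headers` response, and it should be redacted from logs the same way `Authorization` is.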