Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
Ivan2021-10-06 23:46:57
Nginx
Ivan, 2021-10-06 23:46:57

Why doesn't internal authorization work on nginx laravel?

Lots of text but need help.
I have a website in Laravel. I need to set a password for it, I have nginx.
In the config I wrote the following:

auth_basic "Restricted";
auth_basic_user_file /etc/nginx/conf.d/.htpasswd;

Naturally, the password file is created normally.

I go to the site - it asks to enter a log and a pass, everything is as it should be. I type, it takes me to the site and I can even switch between pages. But, if I try to log in to the site (the authorization itself is already written in code), then nginx will again ask for a password and login, but this time not to accept them (you enter - press "Login", it asks again).

I've tried a lot of things and really don't understand what the point is. I looked at the logs, I didn’t find anything anywhere, I don’t understand why it won’t let me.

I don't know exactly what the problem is, but I guess it's in the internal API.
Many requests, including the authorization request, as I understand it, go to api. Because when, after authorization, he asks me to enter a password and if I click "Cancel" - then requests like domen.ru/api will receive an error 401, i.e. authorization error.

There are several such requests, but for example / api / user does not pass either, which, as I understand it, is responsible for internal authorization. I can't understand why this is happening.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
I
Ivan Koryukov, 2021-10-07
@youmixx

It doesn't work because nginx and the web application use the same http header to pass authorization data. There is no universal solution.
Alternatively, if the application is already closed by its authorization, then basic can not be done. Or you can change the authorization header in the web application. Or try to spread the back and front to different domains, so that one is closed by the BASIC, and the other by its own authorization.

Report
V
Vanya Huk, 2021-10-07
@vanyahuk

Try writing like this

set $auth_basic off;

    if ($request_method = 'GET') {
         set $auth_basic "Restricted";
    }
    auth_basic $auth_basic;
    auth_basic_user_file /etc/nginx/conf.d/.htpasswd;

Similar questions
I
Ingerniated2017-05-30 20:25:42
Will Soviet speakers fit a foreign amplifier? 3Reply
X
xonar2020-01-07 11:29:56
How to show your portfolio? 2Reply
F
Falseclock2019-05-15 08:24:36
What is the nginx module for monitoring connections and requests? 2Reply
S
Stanislav Pryadein2014-12-20 16:52:15
Which web server is currently up to date for a simple website? 4Reply
A
alexh78542019-05-16 14:44:21
How to set up dynamic subdomains on nginx with a single front controller? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question