Basic auth returns 403 when username & password supplied but not needed.

Created on 25 December 2016, over 7 years ago
Updated 27 April 2024, about 2 months ago

See Drupal\basic_auth\Authentication\Provider

  public function applies(Request $request) {
    $username = $request->headers->get('PHP_AUTH_USER');
    $password = $request->headers->get('PHP_AUTH_PW');
    return isset($username) && isset($password);
  }

This means that basic auth applies whenever the user submits a username and password. However my route has _access = TRUE and I've spent a long time wondering why that was overridden and I was still getting a 403.
Sure basic auth should apply according to some route parameter, not according to what the user does?

πŸ› Bug report
Status

Postponed: needs info

Version

11.0 πŸ”₯

Component
Basic authΒ  β†’

Last updated 22 days ago

Created by

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • πŸ‡³πŸ‡ΏNew Zealand quietone New Zealand

    There has been no discussion on this issue, perhaps this is no longer a problem?

    is this still relevant to Drupal 10 or later?

    Since we need more information to move forward with this issue, I am keeping the status at Postponed (maintainer needs more info). If we don't receive additional information to help with the issue, it may be closed after three months.

    Thanks!

Production build 0.69.0 2024