auth_basic and file uploads.
Maxim Dounin
mdounin at mdounin.ru
Thu Apr 11 11:00:27 UTC 2013
Hello!
On Thu, Apr 11, 2013 at 06:18:19PM +1200, Steve Holdoway wrote:
> Hi Folks,
>
> I've got a magento site under development, and just want it to be
> password protected until it goes live. No problem I thought...
>
> add in the auth_basic/auth_basic_user_file entries to the location /
> block.
>
> However, when I do that, I get a password request for the upload...
>
> 2013/04/11 05:12:40 [error] 9866#0: *31 no user/password was provided
> for basic authentication, client: Mmy IP>, server: example.com, request:
> "POST /index.php/admin/catalog_product_gallery/upload/key/<very long
> key> HTTP/1.1", host: "example.com"
>
>
> If I enclose the auth_basic/auth_basic_user_file entries in a
> limit_except POST block, then I can't log in, wcwn though it them works
> perfectly if I'm already logged in!
>
>
> Any pointers??
If your browser sees password request only on file uploads, it may
not be able to get 401 (Unauthorized) response correctly and retry
the request with authentication. I would expect this to be very
similar to 413 (Request Entity Too Large) handling by browsers, as
explicitly mentioned here in docs:
http://nginx.org/r/client_max_body_size
Obvious solution is to require authentication before the upload.
--
Maxim Dounin
http://nginx.org/en/donation.html
More information about the nginx
mailing list