Basic auth is sent to subsequent domains as well

michaeldr · September 5, 2018, 9:01am

If I enable basic auth for running a test on https://foo.com and foo.com page contains, for example, a js file loaded from https://cdn.bar.com/bundle.js then the basic auth Authorization header is being sent to that domain as well.

Do you think this is a desired behaviour ?

pmeenan · September 5, 2018, 6:56pm

Desired or not, it is the expected behavior. The auth header is added to all requests and there isn’t support for only adding it to requests for certain origins.

michaeldr · September 16, 2018, 5:40pm

Expected where ? As far as I know, this is not how the browser works.

Topic		Replies	Views
basic authentication - firefox, chrome for location frankfurt, germany Support	4	110	August 3, 2012
iOS 401 error with basic auth set Support	2	186	January 18, 2018
HTTP Auth does not work on Chrome Support	1	108	February 21, 2013
Firefox, SSL/HTTP2 and add/setHeader scripting issue Support	2	120	October 11, 2016
digest authentication Support	0	86	November 2, 2012

Basic auth is sent to subsequent domains as well

Related Topics