Basicauth Gives No Login Request

I wanted to test out the File Manager plugin, so I added basicauth and filemanager to my Caddy file. When I restarted the server and visited the page in my browser (I tried Epiphany/GNOME Web and Chromium), it gave me a “401 Unauthorized” message, but it had never asked me for a username or password.

Browser Message

Caddy File

I have other sites configured in my Caddyfile that are not shown below, and the password IS NOT XXXXXXXX. {
        root /var/www/
        tls {
	protocols tls1.0 tls1.2
        log /var/www/logs/webdesign.log
        errors {
        log /var/www/logs/webdesign-error.log
        404 /errors/404.html
        header / {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;"
\#       Content-Security-Policy "default-src 'none' ; script-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self' ; media-src 'self' ; object-src 'none' ; child-src 'none' ; frame-ancestors 'none' ; form-action 'self' ;"
        Public-Key-Pins "pin-sha256=\"Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=\"; pin-sha256=\"C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=\"; pin-sha256=\"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=\"; pin-sha256=\"Pr2hOJcdTcz63ucsPIH9XAJazPWZHdSMfAeb9lYWC5Q=\"; pin-sha256=\"klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=\"; pin-sha256=\"SMAnK9nweWoTAdwp1LVMG7hJIulUolcsTHwr2h7Kw3Y=\"; pin-sha256=\"5Flr8i4NX99DWqi7Ot0z2WoboW9myiaH1BvpgRpFMIk=\"; includeSubdomains; max-age=2592000;"
        X-Frame-Options "SAMEORIGIN"
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"	 
	header /img Cache-Control "max-age=31536000"
	header /css Cache-Control "max-age=2592000"
	basicauth /files admin XXXXXXXX
	filemanager /files {
	show /var/www/

After playing with my Caddyfile for a bit, I discovered that if a removed the minify line from my Caddyfile, the “login screen” works. I’m assuming this is a bug I should report?

/cc @hacdias :wink:

Hi! Just to let you know that I already read your message. I’ll try to take a look at it today!! :slight_smile: Thanks for reporting!

Hello @matt and @mt-dev!

I’m pinging you both to let you know that I just pushed a fix for this. The problem was that I was sending the Content-Length header even when there was no content in requests like this.

Hope it helps! And, again, thanks for reporting this :slight_smile:

1 Like

Great! Thanks so much for the quick fix, @hacdias!

@matt, I don’t exactly know how “releases” work in Caddy. Does the build tool on the Caddy site pull directly from the GitHub repo, or will I need to wait for the next release to download the “fixed” version?

Unfortunately, at this point I do everything manually, so just wait until the next release :confused: - or I could potentially update it before then if I have the time.

It’s not a huge deal I was just curious. Thanks for the wonderful web server!

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.