Basicauth Gives No Login Request

mt-dev · October 19, 2016, 8:48pm

I wanted to test out the File Manager plugin, so I added basicauth and filemanager to my Caddy file. When I restarted the server and visited the page in my browser (I tried Epiphany/GNOME Web and Chromium), it gave me a “401 Unauthorized” message, but it had never asked me for a username or password.

Browser Message

Caddy File

I have other sites configured in my Caddyfile that are not shown below, and the password IS NOT XXXXXXXX.

https://webdesign.flexstart.me {
        root /var/www/webdesign.flexstart.me
        gzip
	minify
        tls webmaster@flexstart.me {
	protocols tls1.0 tls1.2
	}
        log /var/www/logs/webdesign.log
        errors {
        log /var/www/logs/webdesign-error.log
        404 /errors/404.html
        }
        header / {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;"
\#       Content-Security-Policy "default-src 'none' ; script-src 'self' cdnjs.cloudflare.com; style-src 'self' cdnjs.cloudflare.com; img-src 'self' cdnjs.cloudflare.com; font-src 'self' fonts.googleapis.com cdnjs.cloudflare.com; connect-src 'self' ; media-src 'self' ; object-src 'none' ; child-src 'none' ; frame-ancestors 'none' ; form-action 'self' formspree.io ;"
        Public-Key-Pins "pin-sha256=\"Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=\"; pin-sha256=\"C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=\"; pin-sha256=\"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=\"; pin-sha256=\"Pr2hOJcdTcz63ucsPIH9XAJazPWZHdSMfAeb9lYWC5Q=\"; pin-sha256=\"klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=\"; pin-sha256=\"SMAnK9nweWoTAdwp1LVMG7hJIulUolcsTHwr2h7Kw3Y=\"; pin-sha256=\"5Flr8i4NX99DWqi7Ot0z2WoboW9myiaH1BvpgRpFMIk=\"; includeSubdomains; max-age=2592000;"
        X-Frame-Options "SAMEORIGIN"
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"	 
        }
	header /img Cache-Control "max-age=31536000"
	header /css Cache-Control "max-age=2592000"
	basicauth /files admin XXXXXXXX
	filemanager /files {
	show /var/www/webdesign.flexstart.me
	}
}

mt-dev · October 21, 2016, 3:16am

After playing with my Caddyfile for a bit, I discovered that if a removed the minify line from my Caddyfile, the “login screen” works. I’m assuming this is a bug I should report?

matt · October 21, 2016, 4:25am

/cc @hacdias

hacdias · October 21, 2016, 6:41am

Hi! Just to let you know that I already read your message. I’ll try to take a look at it today!! Thanks for reporting!

hacdias · October 21, 2016, 7:28pm

Hello @matt and @mt-dev!

I’m pinging you both to let you know that I just pushed a fix for this. The problem was that I was sending the Content-Length header even when there was no content in requests like this.

Hope it helps! And, again, thanks for reporting this

mt-dev · October 21, 2016, 11:24pm

Great! Thanks so much for the quick fix, @hacdias!

@matt, I don’t exactly know how “releases” work in Caddy. Does the build tool on the Caddy site pull directly from the GitHub repo, or will I need to wait for the next release to download the “fixed” version?

matt · October 22, 2016, 12:38am

Unfortunately, at this point I do everything manually, so just wait until the next release - or I could potentially update it before then if I have the time.

mt-dev · October 22, 2016, 1:21am

It’s not a huge deal I was just curious. Thanks for the wonderful web server!

system · January 20, 2017, 1:22am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.