I’m trying to enforce that the param query is set with value blabla. This works perfect. I understand that this is not safe, but for my purposes it’s good enough. Now I want to make it better by responding with a 401 when the query param is not provided. I simply don’t understand how to do that. So in other words: the happy path works, but how to catch all the scenario’s where the param does not have value blabla?
5. What I already tried:
I tried adding respond "nope" 401 to the caddyfile, but this resulted in always responding a 401.
This works for the “root” page, in my case that’s an index.html file. Also the validation part (the param check) also works. But the piece which doesn’t work is everything else then fetching the root page. For example, I have a css file in the same directory as well: index.css. When I try to open that file, I still get a HTTP 200 response, including an empty page. Any clue?
Your handle directives don’t make sense – handle blocks are mutually exclusive, so only the first matching one will run. You’re using the same matcher (a path matcher of / which only matches exactly / and nothing else) so the first one will shadow/cover/overlap the other one and cause it to never run.
I’m not quite sure what you’re trying to do. You only want to serve something on the root path of your site but no other paths? Then remove the / matcher from your second handle so that it matches all requests.
Also, you don’t need the double-quotes around the matcher of your first handle, you’re not using and spaces in that “token” so it’s redundant.
You might also intend to put the @secured matcher on your handle instead of on file_server. But again I’m not sure your intent so that’s just a clue in case you didn’t realize you could do that.