Caddy’s basicauth module expects an Authorization header with matching base64-encoded credentials.
In basic HTTP authentication, a request contains a header field in the form of
Authorization: Basic <credentials>, where credentials is the Base64 encoding of ID and password joined by a single colon:.
If KeeWeb is correctly forming this Authorization header for its requests, the basicauth directive will not respond with a 401 for it. So we can infer that KeeWeb is either not sending the basic auth credentials or not forming it correctly.
We can confirm that it is missing by looking at your own supplied log output above:
Noting the complete lack of Authorization request header.
You should already be sending some headers, the usual CORS headers, so just one to add. From my other post, emphasis mine:
As for adding the single header you’d need, and responding, this is the relevant part of the post:
handle isn’t necessary, it’s just more readable in my opinion.
Note also that if you’re doing this across the entire board for all OPTIONS requests, you might want to narrow it down a bit more. Note also my further response in the linked thread: