[Solved] Apache headers not being sent before login

3 posts / 0 new
Last post
#1 Mon, 04/18/2016 - 09:00

[Solved] Apache headers not being sent before login


got a strange one:

I have a virtualhost which provides some kind of RSS feed.

This RSS feed will go into another software, which provides the information to the user.

Now i need to restrict the users, being able to access the website for further information to those, which are able to access the feed.

So, easy solution would be using an htaccess file. Which i did.

The software receiving the RSSfeed also needs to get the apache headers, in order to work correctly. Which it gets, but AFTER sending the login crecentials.

But it needs them beforehand.

So: this is how the header looks like before login at the moment:

Connection: Keep-Alive Content-Length: 381 Content-Type: text/html; charset=iso-8859-1 Date: Mon, Apr 18 2015 08:09:52 Keep-Alive: timeout=5, max=100 Server Apache/2.4.7 WWW-Authenticate: Basic realm="secure"

Instead it would have include something like this as well:

Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Authorization,Accept, Content-Type, Content-Length,* Access-Control-Allow_methods: GET,POST,OPTIONS Access-Control-Allow-Origin: *

I tried to add this Access Control parameters at different places, but whether i put it in virtual hosts conf file, or created a new conf file in conf-available and symlink it to conf-enabled, or put it in the .htaccess file as first entry and having the part:

AuthName "secure" AuthType Basic AuthUserFile /home/viamedici.tv/.blog-htpasswd require valid-user

further on, it won't change anything. the first reply, before sending the login credentials will not have the access control settings within the header, which are required.

Anybody any idea?

Thanks for help and best

Tue, 04/19/2016 - 01:27

Hi, after checking various websites i found a a possible solution, by using the option 'early'. I will give it a try lateron today and see, if this will work out. Unfortunately this is only meant for testing but not production environments,

So if anybody has another idea, this is most welcome.

Thanks and best.

Tue, 04/19/2016 - 03:16

This seems to be quite easy, if you look at the right places:

instead of just using:

Require valid-user

i should have used:

<LimitExcept OPTIONS>
                Require valid-user

Now it it working as intended...


Topic locked