Adding "Authorization" in .htaccess

More
7 years 3 months ago #84 by dbode
Hi Steve,

I want to "hide" the api from outside. The token based system is ok, but not enough for me, so I want to make it even more secure.

So I want to use a basic auth via .htaccess.
BUT the ./api/v1/.htaccess contains this line:
Header add Access-Control-Allow-Headers "X-Requested-With, Origin, Content-Type, token, dlid, nonce"

When using Authorization, it must be added! So please expand the line to this:
Header add Access-Control-Allow-Headers "X-Requested-With, Origin, Content-Type, token, dlid, nonce, Authorization"

Then it can be secured with apache based basic auth :)

Please Log in or Create an account to join the conversation.

More
7 years 1 month ago #90 by steve.tsiopanos
Replied by steve.tsiopanos on topic Adding "Authorization" in .htaccess
Done!

This will be included in cAPI v1.2.8.

Please Log in or Create an account to join the conversation.

Cron Job Starts