Adding "Authorization" in .htaccess

More
1 year 11 months ago #84 by dbode
Hi Steve,

I want to "hide" the api from outside. The token based system is ok, but not enough for me, so I want to make it even more secure.

So I want to use a basic auth via .htaccess.
BUT the ./api/v1/.htaccess contains this line:
Header add Access-Control-Allow-Headers "X-Requested-With, Origin, Content-Type, token, dlid, nonce"

When using Authorization, it must be added! So please expand the line to this:
Header add Access-Control-Allow-Headers "X-Requested-With, Origin, Content-Type, token, dlid, nonce, Authorization"

Then it can be secured with apache based basic auth :)

Please Log in or Create an account to join the conversation.

More
1 year 9 months ago #90 by steve.tsiopanos
Replied by steve.tsiopanos on topic Adding "Authorization" in .htaccess
Done!

This will be included in cAPI v1.2.8.

Please Log in or Create an account to join the conversation.

Newsletter