Hello! On Thu, Apr 11, 2013 at 06:18:19PM +1200, Steve Holdoway wrote:
> Hi Folks, > > I've got a magento site under development, and just want it to be > password protected until it goes live. No problem I thought... > > add in the auth_basic/auth_basic_user_file entries to the location / > block. > > However, when I do that, I get a password request for the upload... > > 2013/04/11 05:12:40 [error] 9866#0: *31 no user/password was provided > for basic authentication, client: Mmy IP>, server: example.com, request: > "POST /index.php/admin/catalog_product_gallery/upload/key/<very long > key> HTTP/1.1", host: "example.com" > > > If I enclose the auth_basic/auth_basic_user_file entries in a > limit_except POST block, then I can't log in, wcwn though it them works > perfectly if I'm already logged in! > > > Any pointers?? If your browser sees password request only on file uploads, it may not be able to get 401 (Unauthorized) response correctly and retry the request with authentication. I would expect this to be very similar to 413 (Request Entity Too Large) handling by browsers, as explicitly mentioned here in docs: http://nginx.org/r/client_max_body_size Obvious solution is to require authentication before the upload. -- Maxim Dounin http://nginx.org/en/donation.html _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
