I check for the endpoint using the $_SERVER['REQUEST_URI'] global variable and then abort authentication if the endpoint doesn't match one that I specifically whitelisted. This isn't guaranteed to work in every case - since some previous operation could change the value of that variable - but it works good enough for my use-case. I also added some brute force protections to further improve security
I actually was able to solve this issue in my fork of the project: https://github.com/Trifoia/Basic-Auth/blob/master/basic-auth.php#L14-L23
I check for the endpoint using the
$_SERVER['REQUEST_URI']global variable and then abort authentication if the endpoint doesn't match one that I specifically whitelisted. This isn't guaranteed to work in every case - since some previous operation could change the value of that variable - but it works good enough for my use-case. I also added some brute force protections to further improve security