Closed mrothauer closed 5 years ago
Is it possible, that there is something broken in 3.7 concerning Basic Authentication and / or CORS?
It is possible. I don't think much changed around authentication in 3.7 though.
Thanks for your quick reply, it helped me focussing on other things than CakePHP.
I found the solution: I switched the server AND updated to cakephp 3.7 at the same time, the new server runs PHP in CGI mode, which does not support Basic Authentication.
This site helped to use Basic Auth: https://php.net/manual/en/features.http-auth.php#70864
Everything good again :-)
This is a (multiple allowed):
[x] bug
[ ] enhancement
[ ] feature-discussion (RFC)
CakePHP Version: 3.7.2
Platform and Target: apache, mysql, php 7.2
What you did
Basic Authentication is not working any more.
What happened
Sending a request with Postman
https://demo-en.foodcoopshop.com/api/getProducts.json Authorization: Basic Auth Username: fcs-demo-meat-manufacturer@mailinator.com Password: foodcoopshop
returns
{"message":"Unauthorized","url":"\/api\/getProducts.json","code":401}
The main parts of the source code can be found here: https://github.com/foodcoopshop/foodcoopshop/blob/d4240059b2ec2278fea350e647bfdbcbfbfd794f/plugins/Network/src/Controller/ApiController.php#L57-L70 https://github.com/foodcoopshop/foodcoopshop/blob/d4240059b2ec2278fea350e647bfdbcbfbfd794f/plugins/Network/webroot/js/sync-base.js#L231-L250
What you expected to happen
With CakePHP 3.6.x the same request returned the correct data, the login worked.
Before diving even deeper into the problem: Is it possible, that there is something broken in 3.7 concerning Basic Authentication and / or CORS?
Thank you, Mario