nuxt-alt / auth

An alternative module to @nuxtjs/auth
https://nuxt-alt-auth.vercel.app/
MIT License
113 stars 20 forks

On page refresh Http-basic-authorization conflicts with this module in SSR mode #42

Closed katyazanina closed 1 year ago

katyazanina commented 1 year ago

For development purposes we have basic auth:

    export default defineNitroPlugin((nitroApp) => {
        // Runs for every server-rendered response
        nitroApp.hooks.hook('render:response', (response, { event }) => {
            const { username, password, enabled } = useRuntimeConfig().basicAuth;

            const realm = 'default';

            if (enabled) {
                let authenticated = false;

                // Second space-separated field of the Authorization header
                const base64Credentials = event.node.req.headers?.authorization?.split(' ')?.[1];

                if (base64Credentials) {
                    const credentials = Buffer.from(base64Credentials, 'base64').toString('ascii');
                    const [credentialsUsername, credentialsPassword] = credentials.split(':');
                    authenticated = credentialsUsername === username && credentialsPassword === password;
                }

                if (!authenticated) {
                    // Replace the rendered page with a Basic auth challenge
                    response.statusCode = 401;
                    response.headers = response.headers || {};
                    response.headers['WWW-Authenticate'] = `Basic realm="${realm}"`;
                    response.body = 'Access denied!';
                }
            }
        });
    });

Problem: when reloading the page, the user is logged out and userFetch requests are not initialized. Looks like the user is logged out.

  1. The problem is reproducible with any module for basic authorization for Nuxt3
  2. The problem does not reproduce on localhost
  3. With ssr:false the problem is not reproduced

We also have a Vue2 project with basic authorization and an auth-module, and there is no such problem there either.

    auth: {
        watchLoggedIn: true,
        redirect: {
            logout: false,
            login: false,
            home: false,
        },
        resetOnError: true,
        strategies: {
            local: {
                scheme: 'refresh',
                token: {
                    property: 'accessToken',
                    maxAge: 60 * 30,
                    global: true,
                    type: 'Bearer',
                },
                refreshToken: {
                    property: 'refreshToken',
                    data: 'refreshToken',
                    maxAge: 60 * 60 * 24 * 30,
                },
                user: {
                    property: false,
                },
                endpoints: {
                    refresh: {
                        url: `${baseUrl}/user/auth/refresh/`,
                        method: 'post',
                    },
                    user: {
                        url: `${baseUrl}/user/`,
                        method: 'get',
                    },
                    logout: {
                        url: `${baseUrl}/user/auth/logout/`,
                        method: 'get',
                    },
                },
            },
        },
    },

Doc response headers:

Screenshot 2023-03-17 at 14 00 57

And request headers:

Screenshot 2023-03-17 at 14 01 12
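
The posted plugin reads the second space-separated field of the `Authorization` header whatever the scheme, and splits the decoded value on every colon. A stricter check, as an added example that is not from this thread or from nuxt-alt/auth; `parseBasicAuth`, `safeEqual`, `checkBasicAuth`, `postedParse` and the sample values are hypothetical:

```javascript
// Added example; all function names and sample values are hypothetical/constructed.

// Return { username, password } only for a well-formed Basic credential, else null.
function parseBasicAuth(header) {
    if (typeof header !== 'string') return null;
    const match = /^Basic +([A-Za-z0-9+\/]+={0,2})$/i.exec(header.trim());
    if (!match) return null; // e.g. "Bearer <token>" is not a Basic credential
    const decoded = Buffer.from(match[1], 'base64').toString('utf8');
    const sep = decoded.indexOf(':'); // only the first colon separates user and password
    if (sep === -1) return null;
    return { username: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Compare without returning early on the first differing byte.
// (Node's crypto.timingSafeEqual offers this for equal-length buffers.)
function safeEqual(a, b) {
    const x = Buffer.from(a, 'utf8');
    const y = Buffer.from(b, 'utf8');
    let diff = x.length ^ y.length;
    for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
    return diff === 0;
}

// 'ok' lets the response through; 'challenge' means 401 + WWW-Authenticate.
function checkBasicAuth(header, configured) {
    const creds = parseBasicAuth(header);
    if (!creds) return 'challenge';
    const userOk = safeEqual(creds.username, configured.username);
    const passOk = safeEqual(creds.password, configured.password);
    return userOk && passOk ? 'ok' : 'challenge';
}

// The extraction used by the posted plugin, kept for comparison.
function postedParse(header) {
    const b64 = header?.split(' ')?.[1];
    if (!b64) return null;
    const [username, password] = Buffer.from(b64, 'base64').toString('ascii').split(':');
    return { username, password };
}

// Constructed sample input.
const SAMPLE_CONFIG = { username: 'dev', password: 'pa:ss' };
const SAMPLE_BASIC = 'Basic ' + Buffer.from('dev:pa:ss').toString('base64');
const SAMPLE_BEARER = 'Bearer constructed.sample.token';

for (const h of [SAMPLE_BASIC, SAMPLE_BEARER, undefined]) {
    console.log(String(h).split(' ')[0], '->', checkBasicAuth(h, SAMPLE_CONFIG));
}
```
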
Denoder commented 1 year ago

try version 2.3.10?

katyazanina commented 1 year ago

Thanks for the answer! We tried.

Behavior has not changed. Authentication is reset after page refresh.