search

silverstripe / cwp-core

CWP basic compatibility module
BSD 3-Clause "New" or "Revised" License
3 stars 12 forks source link

Basic auth on production seems faulty #67

Closed emteknetnz closed 5 years ago

emteknetnz commented 5 years ago

The instructions here https://www.cwp.govt.nz/developer-docs/en/2/how_tos/basic_auth/ for enabling basic auth on prod don't appear to be working correctly

---
Name: mysitesecuritylive
After: '#cwpsecuritylive'
---
SilverStripe\Security\BasicAuth:
  entire_site_protected: true

Non admin users (e.g. content author) were unable to get past the basic auth pop-up after entering their credentials and https://dash.cwp.govt.nz/naut/project/mystack/environment/prod/letmein was not working either

robbieaverill commented 5 years ago

I think the "Enabling in production" section is outdated, and needs to be updated to reference BasicAuthMiddleware configuration instead.

brynwhyman commented 5 years ago

Raised an issue to update the docs separately https://github.com/silverstripe/cwp/issues/197