tuupola / slim-basic-auth

PSR-7 and PSR-15 HTTP Basic Authentication Middleware
MIT License

"final class" and CloudFlare proxification error #92

Open saippuakauppias opened 4 years ago

saippuakauppias commented 4 years ago

If a site is proxied through CloudFlare using the "Flexible" mode (Encrypts traffic between the browser and Cloudflare), we will always get the error: "Insecure use of middleware over HTTP denied by configuration.".

That's because you incorrectly define the use of the HTTPS protocol in the following lines: https://github.com/tuupola/slim-basic-auth/blob/3.2.1/src/HttpBasicAuthentication.php#L107-L111

When using proxying through cloud providers (CloudFlare), you should use the following code: https://gist.github.com/saippuakauppias/f1082a32f5797755b69b043d4852eda2

I tried to inherit your class and fix it to get around this limitation, but your class is declared as "final". Why is that done?

PS: It is not possible to use the "Full" proxy mode in CloudFlare; then you would need to set the slide certificate to nginx for each domain. This is a lot of manual work, which is difficult to automate (certificates are issued in the dashboard, most likely they can be issued through the API, but it's not such a task to spend a lot of time on integration with it).

tuupola commented 4 years ago

Since Cloudflare is accessing the API insecurely over HTTP anyway, you could also just set:

$app->add(new Tuupola\Middleware\HttpBasicAuthentication([
    "secure" => false
]));

There is practically no difference between this and trusting an arbitrary header.
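
Added example, not part of the issue thread, the linked gist or the slim-basic-auth code: a scheme check that honours a forwarded-protocol header only when the directly connected peer is a configured proxy, which is the difference between trusting the proxy and trusting an arbitrary header. The function names `ipInCidr` and `effectiveScheme`, the `X-Forwarded-Proto` header as the proxy's signal, and the placeholder range `203.0.113.0/24` are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not part of slim-basic-auth.
// True when $ip (IPv4 or IPv6) lies inside $cidr, e.g. "203.0.113.0/24".
function ipInCidr(string $ip, string $cidr): bool
{
    $parts = explode('/', $cidr, 2);
    $ipBin = @inet_pton($ip);
    $netBin = @inet_pton($parts[0]);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable address, or IPv4 compared against IPv6
    }
    $bits = strlen($ipBin) * 8;
    if (isset($parts[1])) {
        if (!ctype_digit($parts[1]) || (int) $parts[1] > $bits) {
            return false; // malformed prefix length
        }
        $bits = (int) $parts[1];
    }
    $bytes = intdiv($bits, 8);
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false;
    }
    $rem = $bits % 8;
    $mask = (0xFF << (8 - $rem)) & 0xFF; // covers only the leading $rem bits
    return $rem === 0 || (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

// "https" only for a direct TLS connection, or when the directly connected
// peer is a trusted proxy that reports the browser-facing leg as HTTPS.
function effectiveScheme(array $server, array $trustedProxies): string
{
    if (!empty($server['HTTPS']) && strtolower((string) $server['HTTPS']) !== 'off') {
        return 'https';
    }
    foreach ($trustedProxies as $cidr) {
        if (ipInCidr((string) ($server['REMOTE_ADDR'] ?? ''), $cidr)) {
            $proto = strtolower(trim((string) ($server['HTTP_X_FORWARDED_PROTO'] ?? '')));
            return $proto === 'https' ? 'https' : 'http';
        }
    }
    return 'http'; // the header from an untrusted peer is ignored
}

// Constructed sample requests; 203.0.113.0/24 is a placeholder proxy range.
$trusted = ['203.0.113.0/24'];
var_dump(effectiveScheme(['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_PROTO' => 'https'], $trusted));
var_dump(effectiveScheme(['REMOTE_ADDR' => '198.51.100.9', 'HTTP_X_FORWARDED_PROTO' => 'https'], $trusted));
```

A result of "https" here describes only the browser-to-proxy leg: in "Flexible" mode the proxy-to-origin hop is still plain HTTP, so the Basic credentials cross that hop unencrypted whichever way the check is written.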