How can I make sure AuthName works in all browsers? How can I make sure AuthName works in all browsers? google-chrome google-chrome

How can I make sure AuthName works in all browsers?


apache .htaccess google-chrome .htpasswd

The AuthName directive sets the realm parameter in the corresponding header, something like:

WWW-Authenticate: Basic realm="HELLO WORLD"

I found a Chromium ticket from October 2015 that reports a man in the middle attack related to HTTP authentication: Issue 544244 - HTTP basic auth credentials prompt should make the origin stand out more. During the discussion it was pointed out that text in realm can not be trusted and can be used in phishing attacks to trick users into revealing passwords to third-parties. I'm not a security expert but I understand that a proxy can inject headers —and usually does— thus the issue.

Apparent, the realm was removed form the authentication dialogue as a result of this and changes were eventually ported to Chrome. You can see the Do not show untrustworthy strings in the basic auth dialog code review for further details.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last