
We have a staging server set up that uses HTTP Basic authentication for access which is independent of the user functionality on the site. Once the stage is accessed, I log in with some credentials (which do not use HTTP Basic) and I can proceed to do user things.

There are a few calls on the site that use a Bearer token for accessing some API functionality, so each user is assigned their token and it's used properly to access the API if necessary. This works everywhere except Safari.

When I check the `Authorization` header and output the token in other browsers, it's in the proper `Authorization: Bearer <token>` format and the call succeeds. The same code running in Safari shows that the `Authorization` header was passed correctly in the request, but a debug output of the header shows it receiving `Authorization: Basic <basic credentials>` and, when resolved, will resolve to the credentials used to access the stage.

Why? Is there a setting in Safari that's doing this or is it a bug in Safari?

Brandon
    I'm having the same issue: Basic is overwriting the Bearer that I'm setting in the GET request, in Safari. Did you ever figure this out? – Martin May 15 '18 at 17:32
    Not for this specific scenario, no. Because I controlled one consumer of the token, I ended up passing the `Bearer` token as a `POST` parameter only when in the staging environment. What you can try though is the `realm` option [found here](https://stackoverflow.com/questions/12701085/what-is-the-realm-in-basic-authentication). HTH – Brandon May 15 '18 at 19:51
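
The staging-only workaround described in the comment above, sketched as a server-side token lookup. This is an added example, not code from the thread; the `access_token` field name, the `staging` environment label and the shape of the request object are assumptions.

```javascript
// Added example. ASSUMPTIONS (not from the thread): body field "access_token",
// environment label "staging", and a req object with { method, headers, body }
// where header names are already lower-cased (as Node's http module does).

function parseAuthorization(headerValue) {
  // Split "Scheme credentials" into its parts; tolerate missing or odd input.
  if (typeof headerValue !== 'string') return { scheme: null, credentials: null };
  const match = /^\s*([A-Za-z0-9._~+-]+)\s+(\S.*?)\s*$/.exec(headerValue);
  if (!match) return { scheme: null, credentials: null };
  return { scheme: match[1].toLowerCase(), credentials: match[2] };
}

function resolveBearerToken(req, environment) {
  const { scheme, credentials } = parseAuthorization(req.headers['authorization']);

  // Normal path: the header carries the Bearer token as intended.
  if (scheme === 'bearer') return { token: credentials, source: 'header' };

  // Fallback: only on staging, only when the header slot holds the stage's
  // Basic credentials, and only from a POST body (a URL parameter would put
  // the token into access logs and Referer headers).
  const bodyToken = req.body && req.body.access_token;
  if (environment === 'staging' && scheme === 'basic' && req.method === 'POST' &&
      typeof bodyToken === 'string' && bodyToken.length > 0) {
    return { token: bodyToken, source: 'body' };
  }

  // Anything else is unauthenticated; Basic credentials are never a token.
  return { token: null, source: null };
}

// Constructed sample requests ("c3RhZ2U6c2VjcmV0" is base64 of "stage:secret").
const otherBrowser = {
  method: 'POST', headers: { authorization: 'Bearer tok-123' }, body: {},
};
const safariOnStage = {
  method: 'POST',
  headers: { authorization: 'Basic c3RhZ2U6c2VjcmV0' },
  body: { access_token: 'tok-123' },
};

console.log(resolveBearerToken(otherBrowser, 'staging'));
console.log(resolveBearerToken(safariOnStage, 'staging'));
console.log(resolveBearerToken(safariOnStage, 'production'));
```

Keeping the fallback gated on the environment means a production deployment ignores body-supplied tokens entirely, so the header stays the only accepted transport there.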

0 Answers