• Welcome to the Chevereto user community!

    Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.

    Please keep in mind:

    • 😌 This community is user driven. Be polite with other users.
    • 👉 Is required to purchase a Chevereto license to participate in this community (doesn't apply to Pre-sales).
    • 💸 Purchase a Pro Subscription to get access to active software support and faster ticket response times.

Password protect Chevereto with .htaccess

Status
Not open for further replies.
R

Roahog

Chevereto Member
Hi all,

just tried to protect my Chevereto Installation with the .htaccess file.

Code: 
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /etc/apache2/htusers
AuthGroupFile /dev/null
<Files *.php>
require valid-user
</Files>
<Files *.js>
require valid-user
</Files>

ServerSignature Off
Options -Indexes

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^api$ api.php [L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>

ErrorDocument 400 default
ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default

In Firefox it works great in chrome I get an error message:


In Firefox a windows security dialogs pop-up and reask for the password. At the same point chrome popup with this error message.

Any suggestions?

Best regards,
Magnus
 
It's a problem in your server, My firefox doesn't ask for user:pass it just shouts the 401 page.
 
Nope, I have remember why this shouts a error.
When you set a user:password that appy for the curren "client". The uploader used on Chevereto is a flash uploader meaning that the request that the flash file does to the server it counts like another "client" and since this client doesn't have the credentials the system shouts an HTTP error. In firefox you get a window that ask the user:pass but in Chrome you don't get that, it doesn't give you the option to submit the user:pass.

Thing is that since the uploader is another client, there is no workaround for this at least without doing major tweaks in the current uploader (Chevereto will drop uploadify on 3.0).

But you can trick the system, having a user:pass for uploadify and call the uploader using http://user:pass@mysite.com/upload.php in the ajax call should work.
 
So, is it my webserver or is it a combination of chrome and the upload mechanism?

Best regards,
Magnus
 
Roahog said:
So, is it my webserver or is it a combination of chrome and the upload mechanism?

Best regards,
Magnus
Click to expand...

Nop, is the browser that doesn't understand to request a password and the system that doesn't provide that password. Chrome have always works like that so if you want to have chrome compatibility soon the best that you can do is create a user:pass for uploadify and tweak the javascript code in Chevereto.
 
Status
Not open for further replies.
Back
Top