When sending a Authorization: Basic xxxx header with every GET request, I retrieve the token on the server side.
With Chrome and Safari I get "Basic xxxx", so it's fine.
With Firefox I get "Digest username=..., realm=..., ...", although I can see "Basic xxxx" in the request with Firebug, and the Digest in Apache logs.
How is that happening ?
It occurred that my Apache configuration had the following lines, and uncommenting them, reloading and restarting Apache, then restarting the browser, solved the problem.
AuthType Digest
AuthName "[...]"
AuthUserFile "/home/[...]/.auth-digest"
Require valid-user
Probably at some point I registered to this auth with Chrome but never with Firefox, so it did not pass the first security layer and never tried to authenticate against the Basic one. Clearing all cookies/stored passwords/cache can help.