I have a problem with Basic Authentication. The server was an Apache httpd server 2.2.12 and I have created a location protected by basic auth:
<Location /basictest>
AuthType Basic
AuthName "BasicAuth di Test"
AuthBasicProvider file
AuthUserFile /etc/apache2/basictest.passwords
Require valid-user
</Location>
In the password file /etc/apache2/basictest.passwords I have defined two:
user:password
pippo:pippo£
kanji:誰か確認上記これらのフ
If I test the access with Chrome (47.x) all works fine, but if I test the link with Firefox (43.x) or with Safari Web Browser on iOS(Safari/601.1) the authentication failed because the base64 encoding of user:password use a wrong character set (Windows-1252)! In Chrome test case the character set used was UTF-8
Chrome ---------> cGlwcG86cGlwcG/Cow==
Safari/FireFox -> cGlwcG86cGlwcG+j
In the meantime we waiting https://www.rfc-editor.org/rfc/rfc7617 implementations, can I force FireFox and Safari to use UTF-8 on base64 encryption as Chrome's behavior?
I dont sure if its a bug because browsers work with different encode/chars.
Already use UTF-8 anyway:
- Opera 10
- Chrome
Uses a different encoding but has no problem with req param (so ASCII is still OK):
Firefox 1-4 (UTF-16 lower bytes)
Safari 4-5 (ISO-8859-1)
IE:Mac 5 (MacRoman)
IE 5-8 (CP_ACP)
IEMobile 6-8 (CP_ACP)
Netscape 4 (CP_ACP)
Opera 5 (CP_ACP)
https://bugzilla.mozilla.org/show_bug.cgi?id=41489#c90
About his doubts. The Basic authentication does not provide support for non-ISO-8859-1 characters.
You can try to convert the characters in .htaccess to UTF8, not tested, not sure if it works. How to change the default encoding to UTF-8 for Apache?
I recommend using another authentication method or create a login page.
If other colleagues have a better solution, please let me know.