Home
Support Forums

Auth headers setting by error

Hi guys, our team has all our application environments on netlify. As they are public, we’ve been keeping them non-public by using basic authentication headers. We already used that approach for a react application, basically our netlify.toml use different context per environment, executing a bash file with the env as variable, and that script set the “user: pass” string from the environment variable set on the UI to the _headers file if the env != prod.

Now the same approach is not working for a nextjs application, the script is working as usual, not headers are set from there, but for some reason, the headers are present in the build. I’ve tried many things in the bash script but the problem seems to be somewhere else. Maybe something related with the nextjs plugin, as it is the only difference with the other application.

Our app name is splunk-show, this is one of the deployed sites: development–splunk-show.netlify.app.
PLEASE help us help you by writing a good post!

this is the portion of the build script that set the headers:

Netflify config: Replace headers basic auth

sed -i s/HEADER_BASIC_AUTH/${HEADER_BASIC_AUTH}/g _headers

# Netlify config: copy authentication headers

if [ $REACT_APP_STAGE != "prod" ]; then

  if ! cp _headers out; then

    echo "copy headers failed" 1>&2

    exit 1

  fi

fi

this is our netlify.toml:

# Global settings applied to the whole site.
# “base” is directory to change to before starting build, and
# “publish” is the directory to publish (relative to root of your repo).
# “command” is your build command.

[build]
  publish = "out"
  command = "CI=false REACT_APP_STAGE=dev ROLLBAR_ENV=development ./build.sh"

# Production context: All deploys to the main
# repository branch (master) will inherit these settings.
[context.production]
  command = "CI=false REACT_APP_STAGE=prod ROLLBAR_ENV=production ./build.sh"

# Staging context: All deploys to the staging
# branch will inherit these settings.
[context.staging]
  command = "CI=false REACT_APP_STAGE=staging ROLLBAR_ENV=staging ./build.sh"

# Development context: All deploys to the development
# branch will inherit these settings.
[context.development]
  command = "CI=false REACT_APP_STAGE=dev ROLLBAR_ENV=development ./build.sh"

# Deploy Preview context: All Deploy Previews
# will inherit these settings.
[context.deploy-preview]
  command = "CI=false REACT_APP_STAGE=dev ROLLBAR_ENV=preview ./build.sh"

# Branch Deploy context: All deploys that are not in
# an active Deploy Preview will inherit these settings.
[context.branch-deploy]
  command = "CI=false REACT_APP_STAGE=dev ROLLBAR_ENV=preview ./build.sh"

# Always redirect any request to our index.html
# and return the status code 200.
[[redirects]]
    from    = "/*"
    to      = "/index.html"
    status  = 200

and finally, this is the output of a production build setting the headers

3:04:15 PM: Build ready to start
3:04:17 PM: build-image version: fd3b56fcdbaad56e70919e8a4b2da9b411ec3532 (xenial)
3:04:17 PM: build-image tag: v3.10.1
3:04:17 PM: buildbot version: a920b20c3f3dab491b49fefd5e2313224e19825f
3:04:17 PM: Building without cache
3:04:17 PM: Starting to prepare the repo for build
3:04:18 PM: No cached dependencies found. Cloning fresh repo
3:04:18 PM: git clone https://github.com/splunk/splunk-show-client
3:04:20 PM: Preparing Git Reference refs/heads/master
3:04:20 PM: Parsing package.json dependencies
3:04:21 PM: Different build command detected, going to use the one specified in the Netlify configuration file: 'CI=false REACT_APP_STAGE=prod ROLLBAR_ENV=production ./build.sh' versus 'npm run build' in the Netlify UI
3:04:21 PM: Starting build script
3:04:21 PM: Installing dependencies
3:04:21 PM: Python version set to 2.7
3:04:22 PM: v12.18.0 is already installed.
3:04:23 PM: Now using node v12.18.0 (npm v6.14.4)
3:04:23 PM: Started restoring cached build plugins
3:04:23 PM: Finished restoring cached build plugins
3:04:23 PM: Attempting ruby version 2.7.2, read from environment
3:04:25 PM: Using ruby version 2.7.2
3:04:25 PM: Using PHP version 5.6
3:04:25 PM: Started restoring cached node modules
3:04:25 PM: Finished restoring cached node modules
3:04:26 PM: Found npm version (6.14.4) that doesn't match expected (6.11.3)Installing npm at version 6.11.3
3:04:42 PM: /opt/buildhome/.nvm/versions/node/v12.18.0/bin/npm -> /opt/buildhome/.nvm/versions/node/v12.18.0/lib/node_modules/npm/bin/npm-cli.js
3:04:42 PM: /opt/buildhome/.nvm/versions/node/v12.18.0/bin/npx -> /opt/buildhome/.nvm/versions/node/v12.18.0/lib/node_modules/npm/bin/npx-cli.js
3:04:42 PM: + npm@6.11.3
3:04:42 PM: added 8 packages from 3 contributors, removed 13 packages and updated 49 packages in 15.336s
3:04:42 PM: NPM installed successfully
3:04:42 PM: Installing NPM modules using NPM version 6.11.3
3:05:17 PM: > core-js-pure@3.16.1 postinstall /opt/build/repo/node_modules/core-js-pure
3:05:17 PM: > node -e "try{require('./postinstall')}catch(e){}"
3:05:19 PM: npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@2.3.2 (node_modules/fsevents):
3:05:19 PM: npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@2.3.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})
3:05:19 PM: added 1514 packages from 970 contributors and audited 1517 packages in 36.129s
3:05:19 PM: found 20 vulnerabilities (18 moderate, 2 high)
3:05:19 PM:   run `npm audit fix` to fix them, or `npm audit` for details
3:05:19 PM: NPM modules installed
3:05:20 PM: Started restoring cached go cache
3:05:20 PM: Finished restoring cached go cache
3:05:20 PM: go version go1.14.4 linux/amd64
3:05:20 PM: go version go1.14.4 linux/amd64
3:05:20 PM: Installing missing commands
3:05:20 PM: Verify run directory
3:05:21 PM: ​
3:05:21 PM: ────────────────────────────────────────────────────────────────
3:05:21 PM:   Netlify Build                                                 
3:05:21 PM: ────────────────────────────────────────────────────────────────
3:05:21 PM: ​
3:05:21 PM: ❯ Version
3:05:21 PM:   @netlify/build 18.23.1
3:05:21 PM: ​
3:05:21 PM: ❯ Flags
3:05:22 PM:   baseRelDir: true
3:05:22 PM:   buildId: 6195441f0cbd3c4e544e1cc6
3:05:22 PM:   deployId: 6195441f0cbd3c4e544e1cc8
3:05:22 PM: ​
3:05:22 PM: ❯ Current directory
3:05:22 PM:   /opt/build/repo
3:05:22 PM: ​
3:05:22 PM: ❯ Config file
3:05:22 PM:   /opt/build/repo/netlify.toml
3:05:22 PM: ​
3:05:22 PM: ❯ Context
3:05:22 PM:   production
3:05:22 PM: ​
3:05:22 PM: ❯ Installing plugins
3:05:22 PM:    - @netlify/plugin-nextjs@3.9.2
3:05:49 PM: ​
3:05:49 PM: ❯ Loading plugins
3:05:49 PM:    - @netlify/plugin-nextjs@3.9.2 from Netlify app
3:05:50 PM: ​
3:05:50 PM: ────────────────────────────────────────────────────────────────
3:05:50 PM:   1. @netlify/plugin-nextjs (onPreBuild event)                  
3:05:50 PM: ────────────────────────────────────────────────────────────────
3:05:50 PM: ​
3:05:50 PM: Using Next.js 10.2.3
3:05:50 PM: info  - Using webpack 5. Reason: no custom webpack configuration in next.config.js https://nextjs.org/docs/messages/webpack5
3:05:50 PM: The "target" config property must be one of "serverless", "experimental-serverless-trace". Building with "serverless" target.
3:05:51 PM: info  - Using webpack 5. Reason: no custom webpack configuration in next.config.js https://nextjs.org/docs/messages/webpack5
3:05:51 PM: No Next.js cache to restore.
3:05:51 PM: ​
3:05:51 PM: (@netlify/plugin-nextjs onPreBuild completed in 1.4s)
3:05:51 PM: ​
3:05:51 PM: ────────────────────────────────────────────────────────────────
3:05:51 PM:   2. build.command from netlify.toml                            
3:05:51 PM: ────────────────────────────────────────────────────────────────
3:05:51 PM: ​
3:05:51 PM: $ CI=false REACT_APP_STAGE=prod ROLLBAR_ENV=production ./build.sh
3:05:51 PM: > splunk-show-client@0.1.0 test-build /opt/build/repo
3:05:51 PM: > jest
3:06:10 PM:  PASS  __tests__/components/AuthenticatedPage/index.test.js (14.11 s)
3:06:10 PM:  PASS  __tests__/services/WebSocket/index.test.js (14.301 s)
3:06:15 PM:  PASS  __tests__/components/DemoStackActions/index.test.js (18.042 s)
3:06:15 PM:  PASS  __tests__/components/DemoStackDetails/index.test.js (18.438 s)
3:06:15 PM: Test Suites: 4 passed, 4 total
3:06:15 PM: Tests:       27 passed, 27 total
3:06:15 PM: Snapshots:   0 total
3:06:15 PM: Time:        21.438 s
3:06:15 PM: Ran all test suites.
3:06:15 PM: > splunk-show-client@0.1.0 build /opt/build/repo
3:06:15 PM: > next build
3:06:16 PM: warn  - React 17.0.1 or newer will be required to leverage all of the upcoming features in Next.js 11. Read more: https://nextjs.org/docs/messages/react-version
3:06:16 PM: info  - Loaded env from /opt/build/repo/.env.local
3:06:16 PM: info  - Using webpack 5. Reason: no custom webpack configuration in next.config.js https://nextjs.org/docs/messages/webpack5
3:06:16 PM: info  - Checking validity of types...
3:06:16 PM: info  - Creating an optimized production build...
3:07:49 PM: (node:1806) [DEP_WEBPACK_CHUNK_HAS_ENTRY_MODULE] DeprecationWarning: Chunk.hasEntryModule: Use new ChunkGraph API
3:07:49 PM: (node:1806) [DEP_WEBPACK_CHUNK_ADD_MODULE] DeprecationWarning: Chunk.addModule: Use new ChunkGraph API
3:07:57 PM: warn  - Compiled with warnings
3:07:57 PM: ./node_modules/next/dist/next-server/server/load-components.js
3:07:57 PM: Critical dependency: the request of a dependency is an expression
3:07:57 PM: ./node_modules/next/dist/next-server/server/load-components.js
3:07:57 PM: Critical dependency: the request of a dependency is an expression
3:07:57 PM: ./node_modules/next/dist/next-server/server/load-components.js
3:07:57 PM: Critical dependency: the request of a dependency is an expression
3:07:57 PM: ./node_modules/next/dist/next-server/server/require.js
3:07:57 PM: Critical dependency: the request of a dependency is an expression
3:07:57 PM: ./node_modules/next/dist/next-server/server/require.js
3:07:57 PM: Critical dependency: the request of a dependency is an expression
3:07:57 PM: ./node_modules/next/dist/next-server/server/require.js
3:07:57 PM: Critical dependency: the request of a dependency is an expression
3:07:57 PM: info  - Collecting page data...
3:08:04 PM: info  - Generating static pages (0/14)
3:08:10 PM: info  - Generating static pages (3/14)
3:08:11 PM: info  - Generating static pages (6/14)
3:08:11 PM: info  - Generating static pages (10/14)
3:08:11 PM: info  - Generating static pages (14/14)
3:08:11 PM: info  - Finalizing page optimization...
3:08:12 PM: Page                                               Size     First Load JS
3:08:12 PM: ┌ ○ /                                              267 B           579 kB
3:08:12 PM: ├   /_app                                          0 B             579 kB
3:08:12 PM: ├ ○ /404                                           349 B           579 kB
3:08:12 PM: ├ ○ /demos                                         295 B           579 kB
3:08:12 PM: ├ ○ /demos/[demoType]                              499 B           579 kB
3:08:12 PM: ├ ○ /demos/[demoType]/[stackId]                    3.56 kB         590 kB
3:08:12 PM: ├ ○ /demos/create                                  4.02 kB         600 kB
3:08:12 PM: ├ ○ /login                                         1.14 kB         580 kB
3:08:12 PM: ├ ○ /success-login                                 1.52 kB         580 kB
3:08:12 PM: ├ ○ /videos                                        2.88 kB         581 kB
3:08:12 PM: ├ ○ /workshops                                     2.5 kB          581 kB
3:08:12 PM: ├ ○ /workshops/[stackId]                           5.98 kB         592 kB
3:08:12 PM: ├ ○ /workshops/[stackId]/resources/[resourceName]  574 B           579 kB
3:08:12 PM: └ ○ /workshops/create                              4.05 kB         600 kB
3:08:12 PM: + First Load JS shared by all                      579 kB
3:08:12 PM:   ├ chunks/framework.4ce7b1.js                     40.8 kB
3:08:12 PM:   ├ chunks/main.593aa4.js                          19.6 kB
3:08:12 PM:   ├ chunks/pages/_app.6edd00.js                    516 kB
3:08:12 PM:   ├ chunks/webpack.744493.js                       2.37 kB
3:08:12 PM:   └ css/89b5a485c7e05314c03e.css                   293 B
3:08:12 PM: λ  (Lambda)  server-side renders at runtime (uses getInitialProps or getServerSideProps)
3:08:12 PM: ○  (Static)  automatically rendered as static HTML (uses no initial props)
3:08:12 PM: ●  (SSG)     automatically generated as static HTML + JSON (uses getStaticProps)
3:08:12 PM:    (ISR)     incremental static regeneration (uses revalidate in getStaticProps)
3:08:12 PM:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
3:08:12 PM:                                  Dload  Upload   Total   Spent    Left  Speed
3:08:12 PM:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
3:08:12 PM:   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
3:08:12 PM: 100   164  100    45  100   119    149    394 --:--:-- --:--:-- --:--:--   394
3:08:12 PM: {
3:08:12 PM:   "data": {
3:08:12 PM:     "deploy_id": 23048399
3:08:12 PM:   }
3:08:12 PM: }​
3:08:12 PM: (build.command completed in 2m 21s)
3:08:12 PM: ​
3:08:12 PM: ────────────────────────────────────────────────────────────────
3:08:12 PM:   3. @netlify/plugin-nextjs (onBuild event)                     
3:08:12 PM: ────────────────────────────────────────────────────────────────
3:08:12 PM: ​
3:08:12 PM: Detected Next.js site. Copying files...
3:08:12 PM: ** Running Next on Netlify package **
3:08:12 PM: 🚀 Next on Netlify 🚀
3:08:12 PM: 🌍️ Copying public folder to /opt/build/repo/out
3:08:12 PM: 💼 Copying static NextJS assets to /opt/build/repo/out
3:08:12 PM: 💫 Setting up API endpoints as Netlify Functions in /opt/build/repo/.netlify/functions-internal
3:08:12 PM: 💫 Setting up pages with getInitialProps as Netlify Functions in /opt/build/repo/.netlify/functions-internal
3:08:12 PM: 💫 Setting up pages with getServerSideProps as Netlify Functions in /opt/build/repo/.netlify/functions-internal
3:08:12 PM: 🔥 Copying pre-rendered pages with getStaticProps and JSON data to /opt/build/repo/out
3:08:12 PM: 💫 Setting up pages with getStaticProps and fallback: true as Netlify Functions in /opt/build/repo/.netlify/functions-internal
3:08:12 PM: 💫 Setting up pages with getStaticProps and revalidation interval as Netlify Functions in /opt/build/repo/.netlify/functions-internal
3:08:12 PM: 🔥 Copying pre-rendered pages without props to /opt/build/repo/out
3:08:12 PM: Building 13 pages
3:08:12 PM: 🔀 Setting up redirects
3:08:12 PM: 🔀 Setting up headers
3:08:12 PM: ✅ Success! All done!
3:08:12 PM: ​
3:08:12 PM: (@netlify/plugin-nextjs onBuild completed in 105ms)
3:08:12 PM: ​
3:08:12 PM: ────────────────────────────────────────────────────────────────
3:08:12 PM:   4. Functions bundling                                         
3:08:12 PM: ────────────────────────────────────────────────────────────────
3:08:12 PM: ​
3:08:12 PM: Packaging Functions from .netlify/functions-internal directory:
3:08:12 PM:  - next_image/next_image.js
3:08:12 PM: ​
3:08:14 PM: ​
3:08:14 PM: (Functions bundling completed in 2.2s)
3:08:14 PM: ​
3:08:14 PM: ────────────────────────────────────────────────────────────────
3:08:14 PM:   5. @netlify/plugin-nextjs (onPostBuild event)                 
3:08:14 PM: ────────────────────────────────────────────────────────────────
3:08:14 PM: ​
3:08:15 PM: Next.js cache saved.
3:08:15 PM: 
3:08:15 PM: For faster deploy times, build IDs should be set to a static value.
3:08:15 PM: To do this, set generateBuildId: () => 'build' in your next.config.js
3:08:15 PM: ​
3:08:15 PM: (@netlify/plugin-nextjs onPostBuild completed in 821ms)
3:08:15 PM: ​
3:08:15 PM: ────────────────────────────────────────────────────────────────
3:08:15 PM:   6. Deploy site                                                
3:08:15 PM: ────────────────────────────────────────────────────────────────
3:08:15 PM: ​
3:08:15 PM: Starting to deploy site from 'out'
3:08:15 PM: Creating deploy tree 
3:08:15 PM: Creating deploy upload records
3:08:16 PM: 13 new files to upload
3:08:16 PM: 0 new functions to upload
3:08:16 PM: Site deploy was successfully initiated
3:08:16 PM: ​
3:08:16 PM: (Deploy site completed in 819ms)
3:08:16 PM: ​
3:08:16 PM: ────────────────────────────────────────────────────────────────
3:08:16 PM:   Netlify Build Complete                                        
3:08:16 PM: ────────────────────────────────────────────────────────────────
3:08:16 PM: ​
3:08:16 PM: (Netlify Build completed in 2m 54.6s)
3:08:16 PM: Starting post processing
3:08:16 PM: Post processing - HTML
3:08:16 PM: Caching artifacts
3:08:16 PM: Started saving node modules
3:08:16 PM: Finished saving node modules
3:08:16 PM: Started saving build plugins
3:08:16 PM: Finished saving build plugins
3:08:16 PM: Started saving pip cache
3:08:17 PM: Finished saving pip cache
3:08:17 PM: Started saving emacs cask dependencies
3:08:17 PM: Finished saving emacs cask dependencies
3:08:17 PM: Started saving maven dependencies
3:08:17 PM: Finished saving maven dependencies
3:08:17 PM: Started saving boot dependencies
3:08:17 PM: Finished saving boot dependencies
3:08:17 PM: Started saving rust rustup cache
3:08:17 PM: Finished saving rust rustup cache
3:08:17 PM: Started saving go dependencies
3:08:17 PM: Finished saving go dependencies
3:08:17 PM: Post processing - header rules
3:08:17 PM: Post processing - redirect rules
3:08:18 PM: Post processing done
3:08:18 PM: Site is live ✨
3:08:19 PM: Build script success
3:08:58 PM: Finished processing build request in 4m40.52563994s

Could you try to change the name of the _headers file to something else? Since you’re using the cp command, I believe you can set the name of the destination which can be different than the source, so maybe that would work?

Thanks for your response. We changed the approach a little bit, instead of copying the _headers file for environments different than prod, we’re deleting the file just for prod. So the result is the same for us, prod is open and the rest of the environments are protected by headers based authentication

Hi there, @mrcportillo :wave:

Thanks for letting us know! Does that mean you have everything working now? If so, that’s great! If not, please let us know so we can continue assisting here :slight_smile: