Basic-Auth and Redirects

I’m using Basic-Auth to password-protect some of the content on a website. Auth and login work as expected, but when I click ‘Cancel’ on the auth dialog, I’m taken to a broken page with that says HTTP ERROR 401.

For ‘Cancel’, I’d like to simply close the dialog, or at least redirect back to the index page. I’ve tried to declare a redirect for the 401 error using the netlify.toml file, but haven’t been successful. What am I doing wrong?

Welcome to our community site, @interactivematt.

There isn’t a way to make a custom 401 page at this time. We do have an open feature request for this and I have added this community topic to that feature request.

If/when making a custom 401 page becomes possible with Netlify, we’ll follow-up here to let you (and anyone visiting this page) know about the new feature.

If there are other questions about this, we’re happy to answer.

Hi, I just ran into this today. The docs now (not sure if it did then) specifically say we can do this.

From https://docs.netlify.com/configure-builds/file-based-configuration/#redirects -

" You can redirect back to / if the user is unauthorized and gets a 401 status code:"

However in my testing this does not work. I can share my code, but can you let me know if this is supposed to work or a documentation bug?

HI, @cfjedimaster, I’m curious as well. If you would please share that code we would appreciate it.

Also, if you just want to send us a link to the deployed site where it was tested (or the site’s API ID - ID not the key), we’ll be happy to research the issue.

Hi, the source code is here: https://github.com/cfjedimaster/NetlifyTestingZone. The deployed site is here; https://netlifydemos.netlify.app/

I used _headers for the auth and netlify.toml to try to handle the “on 401, go here” logic.

1 Like

Thanks for making the demo! Looks like something we need to update in our docs, I will file the issue today :+1:

So can you confirm it is NOT possible, or it IS possible and the docs are wrong?

Sorry to nag - but can you clarify which it is? (Broken feature, incorrect docs?)

Not sure yet :slight_smile:

I do see your repro as not working, so at least our docs are wrong around current implementation. It’s not a pattern I’ve used personally, so I’m still not sure where the bug is.

I worry that our team may only have meant that for identity though, rather than other 401’s since that pattern does work in identity:

Anyhow, we’ll follow up once we get an answer - it is still on our team’s radar.

Hey there,

Thanks for bearing with us. We wanted to be double-sure on what we believe to be accurate!

The 401 redirect rule only works for role-based access control. As such, we’ll be amending the docs to align with this. Thanks for your insightful discussion on this topic! :heart:

Sounds good, thank you for the update!