I’m using Basic-Auth to password-protect some of the content on a website. Auth and login work as expected, but when I click ‘Cancel’ on the auth dialog, I’m taken to a broken page with that says HTTP ERROR 401.
For ‘Cancel’, I’d like to simply close the dialog, or at least redirect back to the index page. I’ve tried to declare a redirect for the 401 error using the netlify.toml file, but haven’t been successful. What am I doing wrong?
Welcome to our community site, @interactivematt.
There isn’t a way to make a custom 401 page at this time. We do have an open feature request for this and I have added this community topic to that feature request.
If/when making a custom 401 page becomes possible with Netlify, we’ll follow-up here to let you (and anyone visiting this page) know about the new feature.
If there are other questions about this, we’re happy to answer.
Hi, I just ran into this today. The docs now (not sure if it did then) specifically say we can do this.
From https://docs.netlify.com/configure-builds/file-based-configuration/#redirects -
" You can redirect back to / if the user is unauthorized and gets a 401 status code:"
However in my testing this does not work. I can share my code, but can you let me know if this is supposed to work or a documentation bug?
HI, @cfjedimaster, I’m curious as well. If you would please share that code we would appreciate it.
Also, if you just want to send us a link to the deployed site where it was tested (or the site’s API ID - ID not the key), we’ll be happy to research the issue.
Hi, the source code is here: https://github.com/cfjedimaster/NetlifyTestingZone. The deployed site is here; https://netlifydemos.netlify.app/
I used _headers for the auth and netlify.toml to try to handle the “on 401, go here” logic.
Thanks for making the demo! Looks like something we need to update in our docs, I will file the issue today 
So can you confirm it is NOT possible, or it IS possible and the docs are wrong?
Sorry to nag - but can you clarify which it is? (Broken feature, incorrect docs?)
Not sure yet 
I do see your repro as not working, so at least our docs are wrong around current implementation. It’s not a pattern I’ve used personally, so I’m still not sure where the bug is.
I worry that our team may only have meant that for identity though, rather than other 401’s since that pattern does work in identity:
Anyhow, we’ll follow up once we get an answer - it is still on our team’s radar.
Hey there,
Thanks for bearing with us. We wanted to be double-sure on what we believe to be accurate!
The 401 redirect rule only works for role-based access control. As such, we’ll be amending the docs to align with this. Thanks for your insightful discussion on this topic! 
Sounds good, thank you for the update!