Basic-Auth for staging subdomain

Hey, I wonder if it’s possible to add Basic Auth to staging environment only? I got this netlify.toml file

[build]
  command = "ember build -e production"
  publish = "dist/"

# Production context
[context.production]
  command = "ember build -e production"
  [context.production.environment]
    ROBOTS = "index, follow"

# Deploy Preview context
[context.deploy-preview.environment]
  ROBOTS = "noindex, nofollow"

# Branch deploy context
[context.branch-deploy]
  command = "ember build -e production"
  [context.branch-deploy.environment]
    ROBOTS = "noindex, nofollow"

# Specific branch context
[context.staging]
  command = "ember build -e production"
  [context.staging.environment]
    ROBOTS = "noindex, nofollow"

[[redirects]]
  from = "/*"
  to = "/index.html"
  status = 200

[[headers]]
  for = "/images/*"
  [headers.values]
    Cache-Control = "public, s-max-age=604800"

[[headers]]
  for = "/fonts/*"
  [headers.values]
    Cache-Control = "public, s-max-age=604800"

How Do I set up here basic auth for staging only environment, Also If its worth mentioning I got my staging and website on customdomain example.com so its staging.example.com and I want to password protect only this deployments

Is it even possible?

Hi there, what is your netlify instance name? Just to confirm, basic auth does not work on a free account, more on that here:

I already Upgraded to Team Plan, So I have this feature, just doesn’t know how to configure it only for one env (staging) with subdomain connected to it. Sure I can set up password from UI on whole site, but that’s not what I want, I only want my staging to be password protected

Hi @Lepryko, headers in the netlify.toml are global so they can’t be scoped to specific builds. However, the context is available as a build environment variable as is the BRANCH. This means you can create a _headers file or rename it during your build process. The simplest way is just doing a check to see if BRANCH is equal to staging and if so, rename your prepared headers.txt file to _headers . This can be done in whatever language you’re comfortable in, or just do it in bash. You can see the structure of the _headers file and basic auth in our docs

1 Like

I made simple function like this

const fs = require('fs');
if (process.env.CONTEXT === 'staging') {
  fs.renameSync('headers.txt', 'dist/_headers');
}

But still it’s not password protected, my header.txt is just ‘/* [new line and indent] Basic-Auth: admin:pass’

@Lepryko Can you share the contents of the headers.txt file? Can you also give me a link to the deploy where you have this up? Lastly, where did you get that CONTEXT name? is staging a branch? If so then you’re checking the wrong en var since the only deploy context we have are production, branch-deploy, deploy-preview. That’s in our docs: