Hi,
I’ve been trying to lock 2 Netlify function url’s behind basic authentication. I think I’m following the correct steps, but when testing the the specified url’s don’t request any authentication.
I created a _headers file:
/.netlify/functions/function1
Basic-Auth: username:password
/.netlify/functions/function2
Basic-Auth: username:password
In my netlify.toml I added:
[build]
command = “yarn build && cp _headers public/_headers”
functions = “functions” # netlify-lambda reads this
publish = “public”
During deploying I can see it’s picking this up:
2:38:08 PM: ┌────────────────────────────────────┐
2:38:08 PM: │ 2. build.command from netlify.toml │
2:38:08 PM: └────────────────────────────────────┘
2:38:08 PM: $ yarn build && cp _headers public/_headers
Also after the deploy has finished and I download the deploy, I can see the _headers file. It’s equal to my local file.
However, with all this, when surfing to “mywebsite.com/.netlify/functions/function1” the page does not request a username and password. The page behaves like no authentication is present.
Does anyone know what might be missing in my setup?
Thanks