“Basic auth” is no longer working.
Setting Basic Password Protection using a password successfully locks down the site; however you cannot access the site when entering the same password.
It would be good if Netlify could do some basic regression testing before pushing new things live.
To assist, we were attempting to add basic password protection on Site ID: 27281095-a0c6-48a7-a965-ce39694af2ae; the site would then be “protected”, however using the password would not allow access. Upon navigating back to the Visitor Access controls, typically the password can be revealed in Netlify; however the password was not present.
Thanks for reaching out about this! We’ve identified the issue causing this behavior and a fix has just been rolled out. Please let us know if you continue to see issues.
@sid.m confirming this now allows us to set passwords, and those passwords work unlocking the site. However, previously, the saved password would be accessible to team members when viewing the site settings via the Netlify site configuration. Ideally this would continue to work.
Sorry, I don’t understand what you’re trying to say. Could you please clarify?
The Basic Password Protection, before the issue I raised in November, when we set a password via the Netlify Site Configuration page (app.netlify.com/sites/[site-name]/configuration/access) that password could be later viewed by navigating to that page and clicking the reveal icon.
That is no longer possible. The password gets saved fine. The password works fine when accessing the site. However, in the event that password isn’t ‘remembered’ by our team members (or their browsers), they can no longer simply go and find it again - they have to save a new value instead; which can be an annoyance to other team members. It’s not a big issue; but the fix that solved the issue above both restored, and removed functionality.
That’s not a bug, but intended behaviour. The only way to achieve what you need is by saving the password in plaintext, which as you can imagine is insecure. We stopped doing that and only save the hash of the password, so we don’t know what the password is.