My manifest.json file is coming back as Netlify's password-protect html instead


Background: The site above is currently under development and not for public access, so we are using Netlify’s simple password protection system to lock it way.

Problem: I have supplied a manifest.json file but when the site loads the file that is returned is Netlify’s password protection html, not the manifest, with an accompanying 401 error.

Question: How do I tell Netlify to serve up the manifest.json file?

If you’re adding headers for the entire website, it’s working as expected.

You can try explicitly specifying a different header rule for your manifest.json file before the headers for the entire website. The redirects file is processed top to bottom, so I’d expect the same thing for headers.

Thanks, that’s interesting. I’m not defining any specific headers, i.e I have no _headers file, but maybe by enabling the password protection there are other headers being applied behind the scenes. That would make sense actually. Not sure what I can do about that other than put up with it until the live production site is ready to roll.

If you’re not using headers, maybe you should then. You can (probably) then exclude the required file: Password protection | Netlify Docs.