[Support Guide] 401 errors for some requests in Safari when using password protection or HTTP basic auth

last reviewed by Netlify Support in September 2023

If you use our password protection or HTTP Basic Authentication, you may notice that your site browses well in Chrome and Firefox, but not in Safari.

While investigating, you might see things like this in your browser dev tools:


These failing requests have received an HTTP 401 Unauthorized Response, which means they were not loaded and thus potentially broke your site. What we’ve discovered in every reported case is that Safari is not appropriately setting authentication cookies or HTTP request headers on some of your requests. What makes this especially challenging to debug is that it is setting them on others - your HTML will load fine, and maybe some graphics and JS, but not a few files. Most often, files you access via XmlHTTPRequest or with a call more like:

<script src="runtime-es2015.cee025995ef6a524ad3a.js" type="module"></script>

rather than:

<script src="zsy5bst.js"></script>

While you can’t change safari’s behaviour, and while our system is operating correctly, there are workarounds to this issue! Specifically, sending your authentication cookie or HTTP request header explicitly (as Chrome and Firefox do automatically for other requests from an authenticated page). You may find some luck following some similar advice in this thread:

I’m not sure that will work for you, but it is at least pretty similar to what is happening to you. We hope that this can inspire a solution and get you back on track. :slight_smile: :netlisparkles:

1 Like