@joshtrichards
Created March 8, 2023 00:43
nginx auth_basic + auth_request interaction testing

My latest test config is below, but I also worked with many variations. My htpasswd-foo-foo has one entry: foo with pw foo. My php-auth.php script also accepts bar / bar.

Included below if you want to steal to test in your own environment against your browser/extension installation. If you see your reported issue against this I suspect that'll be telling that it is something unique to your browser setup interacting with BW.

http {

        server {
                listen 8080;

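                location /api/ {
                        # Allow the request if either auth_basic or auth_request accepts it
                        satisfy any;
                        auth_basic "Restricted access";
                        auth_basic_user_file /etc/nginx/htpasswd-foo-foo;
                        # Subrequest to /auth-service: a 2xx response allows, 401/403 denies
                        auth_request /auth-service;
                        proxy_pass http://localhost:8082/success;
                }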

                location = /auth-service {
                        internal;
                        include fastcgi_params;
                        fastcgi_pass unix:/run/php-fpm.sock;
                        fastcgi_param SCRIPT_FILENAME /var/www/html/php-auth.php;
                        fastcgi_index index.php;
                }
        }

        server {
                listen 8082;

                location = /success {
                        include fastcgi_params;
                        fastcgi_pass unix:/run/php-fpm.sock;
                        fastcgi_param SCRIPT_FILENAME /var/www/html/success.php;
                        fastcgi_index index.php;
                }

        }
}

htpasswd-foo-foo:

foo:$apr1$13wds6o0$/DbF6uCKY3.k96rlfKt5M/

php-auth.php

<?php

// Credentials PHP parsed from the Authorization header; default to null when
// absent so PHP 8 does not emit undefined-key warnings before the headers.
$user = $_SERVER['PHP_AUTH_USER'] ?? null;
$pass = $_SERVER['PHP_AUTH_PW'] ?? null;

if ((!$user) && (!$pass)) { // Not logged in using basic authentication
        authenticate(); // Send basic authentication headers
}


if (!(($user === "bar") && ($pass === "bar"))) { // Check username and password
        authenticate(); // Send basic authentication headers because username and/or password didn't match
}

#if (!(($_SERVER['PHP_AUTH_USER'] == "foo") && ($_SERVER['PHP_AUTH_PW'] == "foo"))) { // Check username and password
#        authenticate(); // Send basic authentication headers because username and/or password didn't match
#}

#phpinfo();

// Call authentication display
function authenticate() {
        header('WWW-Authenticate: Basic realm="Website"'); // realm must be a quoted string
        header("HTTP/1.0 401 Unauthorized");
        exit;
}

?>
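
To check the credential cases against this config without a browser or extension in the loop, a small probe like the one below can be used. It is an added example, not part of the original gist; it assumes nginx is reachable at http://localhost:8080/api/ and that success.php (not shown on the page) answers 200, and the names CASES, fetch_status and run_matrix are illustrative.

```python
"""Probe the gist's /api/ location with each credential case (added example)."""
import base64
import urllib.error
import urllib.request

# Assumption: the nginx server from the config above is listening here.
URL = "http://localhost:8080/api/"

# (label, credentials or None, status expected under `satisfy any`)
CASES = [
    ("htpasswd user", ("foo", "foo"), 200),   # auth_basic accepts
    ("php-auth user", ("bar", "bar"), 200),   # auth_request accepts
    ("unknown user", ("baz", "baz"), 401),    # both reject
    ("no credentials", None, 401),            # both reject
]


def basic_header(creds):
    """Build the Authorization header value for a (user, password) pair."""
    token = base64.b64encode("{}:{}".format(*creds).encode()).decode()
    return "Basic " + token


def fetch_status(url, creds):
    """Return the HTTP status of one request; 4xx/5xx are results, not errors."""
    req = urllib.request.Request(url)
    if creds is not None:
        req.add_header("Authorization", basic_header(creds))
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def run_matrix(fetch=fetch_status, url=URL):
    """Run every case; return a list of (label, expected, actual) mismatches."""
    failures = []
    for label, creds, expected in CASES:
        actual = fetch(url, creds)
        if actual != expected:
            failures.append((label, expected, actual))
    return failures


if __name__ == "__main__":
    for label, expected, actual in run_matrix():
        print(f"MISMATCH {label}: expected {expected}, got {actual}")
```

No output means every case returned the expected status. If the same matrix passes here but fails in the browser, the difference lies in what the browser or extension sends, not in nginx.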