HTTP Basic Authentication not working in safari browser using node.js?

0
votes

I am currently using node.js for development.I have used the below format for http basic authentication:

https://{username}:{password}@{host}

Currently, this above pattern is working in google chrome and mozilla firefox as well but not working in safari browser. But, I have also read on some forums that google will also deprecate this method for basic authentication. So, problem is that we can not tell the users to let their security options off in any browser so in that case how I follow the exact pattern or whatever for http basic authentication for other web urls which is not related to our app but it is created by our team also for other apps.

Actually, when we visit secured websites, then it will give us popup asking username and password as shown in the below attached screenshot link. But I want that authentication is passed without showing popup using any sort of code. Pls help over this.

If you unable to understand the problem statement, pls guide me to correct the specification about question.

I have attached my problem scenario in the screenshot what I received on safari browser.Basic Auth on Safari

I need proper solution which will be feasible and secure for all browsers. Thanks in advance.

1
node.jshttpexpresssafaribasic-authentication
Doesn't anyone here who face issue like this ??Saurabh Aren
Why don't you just make the authentication via req.body? Should I write an answer how you do it?Lukas Germerott
Thanks @LukasGermerott first of all. Yes, Sure, I can follow different solution as well, if you have an idea from different perspective, then pls do it.Saurabh Aren

1 Answers

0
votes

You could also just use fetch for the authentication on other api's.

app.get("/sample", (req, res) => {
  console.log("enter into sample api");

  const username = "sample_uname",
    password = "sample_password";
    fetch('https://example.com/?username='+username+'&password='+password)
    .then(response=> {
        return response.json();
    })
    .then(json => {
        //Do what you want
        console.log(JSON.stringify(json));
    });
});

Edit: A authentication via GET is not the safest way to go, because the password gets flashed in the url. So maybe you should use POST