Denied access on 2021.1.0

[davinci]

I get this message:

Code: Select all

   Web Server                      access denied "http://indigodomo.net:PORT/variables/UpdateIndigo.json" from username @ 127.0.0.1

This is requested by a WebApp from me. Worked before.

Edit: Using M1.

[howartp]

Have you removed your reflector name from that URL? Otherwise it’s wrong?


Sent from my iPhone using Tapatalk Pro

[davinci]

No, I just replaced the port and username.

In the settings it shows as active with the correct url.

[jay (support)]

This is requested by a WebApp from me.

Can you explain more what this means? Can you hit your reflector directly in a web browser?

[matt (support)]

Also, what type of authentication does your WebApp expect: HTTP Digest or Basic? If the latter, did you enable the option in the Start Local Server dialog for HTTP Basic authentication? If it uses Digest then try turning off Basic authentication in the settings if it is enabled.

[davinci]

I am using Apache Cordova - not a native WebApp, sorry.

Code: Select all

var header = cordova.plugin.http.getBasicAuthHeader(user, password);

I enabled the option for now (which is less secure). What is the recommended way though?
What are the risks of BasicAuth?

[jay (support)]

HTTP Basic auth sends the username/password in the clear. If you're using HTTPS then it's somewhat secure. HTTP Digest doesn't send the username/password, so it's more secure.

If you can set headers before sending the request, I'd highly recommend using an API Key in the Authorization header instead. That way you can revoke the key if it becomes compromised as opposed to changing the password in all the places where you might use them.