03.06.2026, 08:01
Thank you but I tried (with a dedicated user, not admin) and it replied with:
- redirect to login when not using any auth (as expected)
- 400 bad request when using basic auth
- redirect to login when using basic auth but with wrong credentials
Request:
Reply:
Reply with wrong credentials:
- redirect to login when not using any auth (as expected)
- 400 bad request when using basic auth
- redirect to login when using basic auth but with wrong credentials
Request:
Quote:GET /apps/data/vacanze/api.lp HTTP/1.1
Host: 192.168.0.10
Authorization: Basic YXBpOlRlc3RfUGFzc3dvcmQx
User-Agent: curl/8.13.0
Accept: */*
Reply:
Quote:HTTP/1.1 400 Bad Request
Date: Wed, 03 Jun 2026 07:55:55 GMT
Content-Type: text/html
Content-Length: 122
Connection: close
X-Frame-Options: SAMEORIGIN
Cache-Control: no-store
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws://192.168.0.10 wss://192.168.0.10; img-src * data:
Set-Cookie: x-login=1; Path=/; HttpOnly; SameSite=Strict
X-Content-Type-Options: nosniff
Permissions-Policy: autoplay=self,fullscreen=self
Referrer-Policy: same-origin
<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
</body>
</html>
Reply with wrong credentials:
Quote:HTTP/1.1 302 Moved Temporarily
Date: Wed, 03 Jun 2026 07:57:19 GMT
Content-Type: text/html
Content-Length: 110
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Cache-Control: no-store
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws://192.168.0.10 wss://192.168.0.10; img-src * data:
Set-Cookie: x-login=0; Path=/; HttpOnly; SameSite=Strict
Set-Cookie: x-session=; Path=/; HttpOnly; SameSite=Strict
Location: /login?err
X-Content-Type-Options: nosniff
Permissions-Policy: autoplay=self,fullscreen=self
Referrer-Policy: same-origin
<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
</body>
</html>