Authorization request header contains the credentials to authenticate a user agent with a server, usually, but not necessarily, after the server has responded with a
Unauthorized status and the
Authorization: <type> <credentials>
Note: Base64 encoding does not mean encryption or hashing! This method is equally secure as sending the credentials in clear text (base64 is a reversible encoding). Prefer to use HTTPS in conjunction with Basic Authentication.
Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l
See also HTTP authentication for examples on how to configure Apache or nginx servers to password protect your site with HTTP basic authentication.
|RFC 7235, section 4.2: Authorization||HTTP/1.1: Authentication|
|RFC 7617||The 'Basic' HTTP Authentication Scheme|
© 2005–2020 Mozilla and individual contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.