NGINX Basic Authentication Not Using SSL
|Reported by:||Owned by:|
|uname -a:||18.04 LTS|
I noticed this issue with chrome / chromium based browsers.
I have NGINX basic authentication placed on my site's admin portal and I found when a user goes to domain.com/admin it prompts them for their credentials, which works fine and all, but I found that it does not have SSL, so your credentials can be read.
When visiting domain/admin there is a warning that this site is not secure. If you hit cancel on the page, you get the 401 error, but then by refreshing the page returns the prompt with SSL.