On Thu, Jun 11, 2020 at 3:13 PM Jason Keltz <jas@xxxxxxxxxxxxx> wrote: [...] > The URL that I would like to limit looks like this: > > https://example.com/#/?key=KJKJHjkdflkjsdflkjJhdsfjhf [...] > I want to only apply authentication when the QUERY_STRING includes "?key". In the URL you have given above, "key" is not in the query string, it's in the fragment, which should never be sent to the server. I would suspect that that part is evaluated by Javascript in the browser, which probably triggers additional requests to some arbitrary, different URL. Not sure if authentication failures for such requests would ever cause the browser to request username/password interactively. Use the developer tools in your browser to check what's really going on. rainer --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|