Hi! Feedback/bug:
When using the “Password Protected Site” feature, the password page has an HTTP 200 OK response code. I believe this should actually be 401 Unauthorized.
Returning the wrong response code means that certain automated tests don’t flag a password protected site correctly.
Thanks
Hi,
Thanks for writing in, this is a good idea so I filed an issue for our team to look at. I can’t say when it’ll be addressed, but we’ll update this thread when that happens. Note that as an alternative, you can use http basic auth which will return a 401: Custom headers | Netlify Docs
Thanks.
The use case issue is monitoring for people accidentally turning on password protection for production sites via Netlify UI, which basic auth wouldn’t have any bearing on.
Better late than never.
I just rolled out a fix for this.
Hope this helps some people.