I added the Basic-Auth header to my _headers file to restrict a certain section of the site. It doesn’t seem to work though, I’m not getting the login prompt in my browser.
The documentation about Basic-Auth states that ‘This feature may not be available on all plans.’, but the plans page does not make it clear if Basic-Auth is a paid feature or not.
Did I do something wrong here, or is Basic-Auth only available for paying customers?
I just ran into this too, and found the documentation unclear. There’s no mention of “auth” anywhere in the page; the closest that comes to it is the discussion of the Identity Add-on, which appears to be entirely unrelated.
The only place I can see it explicitly mentioned which plans do and do not include the ability to use Basic-auth is the first paragraph of the Selective Password Protection blog post.
5 header rules processed
All header rules deployed without errors
That should generate at least a warning and possibly, because it’s a security-related change that provides access to part of the site where none is expected, an error. I would not think it unusual for someone with access to the repo for a site deployed on a paid account to try out his own deployment of it on a free account.
On that same page, there’s a comparison table between our Free, Pro, and Business+ plans and password protection is only checked for Pro and Business+:
We try and keep the pricing page as the source of truth for our pricing rather than adding pricing notes all over our docs since that would require us to update our docs much more often to make sure it’s always correct.
Ok, so the issue there was that I was searching for “auth” and the phrase “password protection” doesn’t include that. Maybe in the detailed chart, changing that line to “Password Protection via HTTP authentication header” would help those of us being more technically precise with such searches?