Search results
by Developers. MDN Web Docs has the most up-to-date and accurate information and the content is presented in an easy-to-understand manner. I also like that it's available in many languages (very important!). The MDN Web Docs site provides information about Open Web technologies including HTML, CSS, and APIs for both Web sites and progressive ...
- Learn Web Development
Welcome to the MDN learning area. This set of articles aims...
- Play
The MDN Web Docs site provides information about Open Web...
- Blog
The MDN blog publishes web development news, tutorials, and...
- HTML
HTML (HyperText Markup Language) is the most basic building...
- Advertise With US
The MDN Web Docs site provides information about Open Web...
- CSS
Cascading Style Sheets (CSS) is a stylesheet language used...
- About
MDN Web Docs is an open-source, collaborative project...
- Performance API
The following interfaces are present in the Performance API:...
- Learn Web Development
Jul 19, 2023 · MDN Web Docs is free-to-use resource on which we document the open web platform. Our mission is to provide developers with the information they need to easily build projects on the web platform. This is the landing page for the MDN Web Docs project itself. Here you'll find guides on how the site works, how we do our documentation, the ...
- Overview
- The general HTTP authentication framework
- Authentication schemes
- Basic authentication scheme
- See also
HTTP provides a general framework for access control and authentication. This page is an introduction to the HTTP framework for authentication, and shows how to restrict access to your server using the HTTP "Basic" schema.
RFC 7235 defines the HTTP authentication framework, which can be used by a server to challenge a client request, and by a client to provide authentication information.
The challenge and response flow works like this:
1.The server responds to a client with a 401 (Unauthorized) response status and provides information on how to authorize with a WWW-Authenticate response header containing at least one challenge.
2.A client that wants to authenticate itself with the server can then do so by including an Authorization request header with the credentials.
3.Usually a client will present a password prompt to the user and will then issue the request including the correct Authorization header.
The general message flow above is the same for most (if not all) authentication schemes. The actual information in the headers and the way it is encoded does change!
The general HTTP authentication framework is the base for a number of authentication schemes.
IANA maintains a list of authentication schemes, but there are other schemes offered by host services, such as Amazon AWS.
Some common authentication schemes include:
Basic
See RFC 7617, base64-encoded credentials. More information below.
Bearer
Security of basic authentication
As the user ID and password are passed over the network as clear text (it is base64 encoded, but base64 is a reversible encoding), the basic authentication scheme is not secure. HTTPS/TLS should be used with basic authentication. Without these additional security enhancements, basic authentication should not be used to protect sensitive or valuable information.
Restricting access with Apache and basic authentication
To password-protect a directory on an Apache server, you will need a .htaccess and a .htpasswd file. The .htaccess file typically looks like this: The .htaccess file references a .htpasswd file in which each line consists of a username and a password separated by a colon (:). You cannot see the actual passwords as they are hashed (using MD5-based hashing, in this case). Note that you can name your .htpasswd file differently if you like, but keep in mind this file shouldn't be accessible to anyone. (Apache is usually configured to prevent access to .ht* files).
Restricting access with Nginx and basic authentication
For Nginx, you will need to specify a location that you are going to protect and the auth_basic directive that provides the name to the password-protected area. The auth_basic_user_file directive then points to a .htpasswd file containing the encrypted user credentials, just like in the Apache example above.
MDN Web Docs is an open-source, collaborative project documenting Web platform technologies, including CSS, HTML, JavaScript, and Web APIs. We also provide an extensive set of learning resources for beginning developers and students. MDN's mission is to provide a blueprint for a better internet and empower a new generation of developers and ...
Nov 17, 2023 · When you type a web address into your browser (for our analogy that's like walking to the shop): The browser goes to the DNS server, and finds the real address of the server that the website lives on (you find the address of the shop). The browser sends an HTTP request message to the server, asking it to send a copy of the website to the client ...
Step 1: Create an account on MDN. To begin your contributions to MDN, you need to have an account on MDN. For details, please see how to create an account. Note that you'll need a GitHub account before you can create an MDN account, since we use GitHub for authentication at this time. If your task involves creating new pages, please see ...
People also ask
What is MDN Web Docs?
Does MDN Web Docs have a learning area?
Why should I use MDN Web Docs?
What does MDN do?
Why is MDN not documenting native web technologies?
What resources does MDN provide?
Jun 11, 2020 · It boasts around 3.5–4 million page views per month; a little under 10% of MDN Web Docs’ monthly web traffic. At this point, the Learning Area does its job pretty well. A lot of people use it to study client-side web technologies, and its loosely-structured, unopinionated, modular nature makes it easy to pick and choose subjects at your own ...
