Intercepting the browser's basic authorization popup with nginx
Solution 1:
The form submission URL (action attribute) is missing the trailing slash.
Upon form submission POST request is made to /validate
which causes nginx to respond with a redirect to /validate/
. The browser foIlows the redirect by issuing a GET request which does not contain the original data. Effectively the nginx rules receive empty credentials.
The solution is to add trailing slash to the <form>
element's action
attribute so it looks like: action="http://localhost/validate/"
.