I have a site set up with a domain name registered with GoDaddy, and hosted on an Apache Digital Ocean droplet, with the GoDaddy name servers pointing to DigitalOcean name servers. The whole site is behind htaccess login/password.
My problem is that, in some browsers (Safari OS X), if you go to mydomain.com without the www, the first time you get this message without a prompt for login credentials:
Unauthorized
This server could not verify that you are authorized to access the
document requested. Either you supplied the wrong credentials (e.g.,
bad password), or your browser doesn't understand how to supply the
credentials required.Apache/2.4.29 (Ubuntu) Server at www.mydomain.com Port 80
The second time you try the link, it property prompts the user for login.
I need the user presented with login creds the first time the user goes to mydomain.com, not just on successive attempts.
My DNS records on DigitalOcean look like this:
A www.mydomain.com directs to
206.189.65.999 3600NS mydomain.com directs to ns3.digitalocean.com. 1800
NS mydomain.com directs to ns2.digitalocean.com. 1800
NS mydomain.com directs to ns1.digitalocean.com. 1800
I don't have much experience setting this up, so I'm assuming my DNS records are wrong, but could this also just be a quirk with Safari?
Best Answer
Probably this: https://discussions.apple.com/thread/8232508
If the connection is with just http (not SSL) then up-to-date Safari will not prompt for basic authentication. Even if it ends up in SSL but traverses a non-SSL link in between that redirects to https.
This changed in iOS 11.2 and macOS 10.13.2 Safari.
So, you will have to use a link that is directly to https and doesn't redirect to something http and then again to https.
What could help is to emit HSTS header on your SSL configured virtual hosts. Then at least the browser would directly use SSL on any further instance of just typing that domain in the address bar.