fix: remove HeaderAuthorization from forward-auth endpoint

Only use CookieSession strategy for forward-auth endpoint to ensure browsers receive proper 302 redirects to the login page instead of HTTP Basic auth prompts. When HeaderAuthorization is in the strategies list, it sends www-authenticate headers that trigger browser Basic auth dialogs. For browser-based authentication, we only want CookieSession which handles redirects properly. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-15 20:35:18 +01:00
parent bec2add16b
commit be0fddf796
1 changed files with 0 additions and 1 deletions
--- a/net/authelia/configuration.yml
+++ b/net/authelia/configuration.yml
@@ -15,7 +15,6 @@ server:
        implementation: 'ForwardAuth'
        authn_strategies:
          - name: 'CookieSession'
-          - name: 'HeaderAuthorization'

 log:
  level: info