I am using the basic api authentication which is working in chrome and locally in safari. On the live server safari is returning unauthenticated what makes sense, if the header with the token has not been sent. Chrome is working the same local and in production.
Does anybody know the problem?
On the local machine the Bearer token is shown in the get request:
Authorization: Bearer XXX
On my server the header hasn't been sent and will not be shown in the request. Does safari hide the token for security reasons or so? Even if my server runs https?
I couldn't figure it out.
What is best practice for API authorization on all browsers with a small footprint. It did feel wrong using passport for a small little axios requests.