Does Basic Auth Policy Changed?

I used Basic Auth to access “https://api.github.com/repos/{account}/{repo}/contents?ref=master” from frontend cors (origin {account}.github.io) for 2 week, and it was work fine.

But yesterday(2020/04/10) I found it response me 401 like

{
    "message": "Bad Credentials",
    "documentation_url": "https://developer.github.com/v3"
}

I find I can use http clinet (like postman) to get data, but can’t get when headers has “Origin:https://{account}.github.io”.

Also I can get data from localhost test http server (like http://localhost:5500), but can’t get when it push to “https://{account}.github.io.”

Does Basic Auth Policy Changed?

Can I use Basic Auth in pure frontend web?

Or It must use back end to handle auth flow?

2 Likes