Does Basic Auth Policy Changed?

I used Basic Auth to access “{account}/{repo}/contents?ref=master” from frontend cors (origin {account} for 2 week, and it was work fine.

But yesterday(2020/04/10) I found it response me 401 like

    "message": "Bad Credentials",
    "documentation_url": ""

I find I can use http clinet (like postman) to get data, but can’t get when headers has “Origin:https://{account}”.

Also I can get data from localhost test http server (like http://localhost:5500), but can’t get when it push to “https://{account}”

Does Basic Auth Policy Changed?

Can I use Basic Auth in pure frontend web?

Or It must use back end to handle auth flow?