Setting Up Authentication
tidyDOM can log in to a site before scanning. This lets you scan pages as a logged-in user that would otherwise not be available to the public.
The credentials can be used for some or all pages on the site, an option that is individually configured on each page set up to be scanned.
Three types of authentication are provided - HTTP Basic, Login Form, and Custom Header.
- HTTP Basic - This form of authentication is commonly used to protect sites that are under development and should not be seen by the general public. Enter a username, password, and a test URL that requires the provided credentials.
- Login Form - This is the standard method of authentication for sites that require a user to enter a username and password on a form. Note: only cookie-based login is currently supported. Additional instructions are provided below.
- Custom Header - Any header name and value can be set. Enter a test URL that requires the provided credentials to ensure authentication is working properly.
Cookie Authentication with a Login Form
- Three platforms are currently supported: WordPress, Drupal, and Laravel. If you’d like to see a new platform officially supported, please send a feature request through the support form.
- Choose the platform your site is built on, and enter the username and password.
- Credentials will be stored using strong encryption. However, we recommend using credentials specific to tidyDOM and ensuring the credentials do not have more capabilities than are needed for accessibility scanning.
- For extra protection, we recommend configuring your CMS to only permit this user to log in from our IP addresses. We will notify you if these IP addresses change in the future.
- If you are using Laravel and have customized your login page, you may need to adjust the username, password, and/or submit button selectors. Customized login pages are not supported for Drupal and WordPress.
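One way to apply the IP restriction recommended above on a WordPress site, as an added example that is not tidyDOM's own code: a small plugin that rejects logins for the dedicated scanner account unless the request comes from an allowlisted range. The account name `tidydom-scanner` and both CIDR ranges are placeholders; substitute your scanner user and the addresses tidyDOM provides.

```php
<?php
/**
 * Plugin Name: Scanner Login IP Allowlist (added example)
 */

// Assumed placeholders: replace with your scanner account and the real
// scanner addresses. 192.0.2.0/24 and 2001:db8::/32 are documentation ranges.
const SCANNER_LOGIN = 'tidydom-scanner';
const SCANNER_ALLOWED_CIDRS = ['192.0.2.0/24', '2001:db8::/32'];

// Return true when $ip is inside $cidr; works for IPv4 and IPv6.
function scanner_ip_in_cidr(string $ip, string $cidr): bool
{
    $parts  = explode('/', $cidr, 2);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($parts[0]);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable input or mixed address families
    }
    $max  = strlen($ipBin) * 8;
    $bits = $parts[1] ?? (string) $max; // no prefix means a single host
    if (!ctype_digit($bits) || (int) $bits > $max) {
        return false; // a malformed prefix must never widen the allowlist
    }
    $bits = (int) $bits;
    $full = intdiv($bits, 8);
    if (substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) {
        return false; // whole bytes of the network prefix differ
    }
    $rem = $bits % 8;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // compare the partial byte
    return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

// Priority 30 runs after WordPress's built-in credential checks (priority 20),
// so $user is already a WP_User on success, whether login was by name or email.
add_filter('authenticate', function ($user) {
    if (!($user instanceof WP_User) || $user->user_login !== SCANNER_LOGIN) {
        return $user; // other accounts and failed logins are left untouched
    }
    // REMOTE_ADDR is the direct peer; behind a reverse proxy it is the proxy.
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    foreach (SCANNER_ALLOWED_CIDRS as $cidr) {
        if (scanner_ip_in_cidr($ip, $cidr)) {
            return $user;
        }
    }
    return new WP_Error('scanner_ip_denied', 'Login is not permitted from this address.');
}, 30, 1);
```

The filter governs new logins only; a session cookie issued before the plugin was enabled stays valid until it expires or is revoked.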