[webkit-dev] Using HTTP Auth with XHR

Adam Ratcliffe adam at prema.co.nz
Sun Mar 19 21:41:22 PST 2006


I'm developing a DHTML application that interacts with a REST API  
that uses either HTTP Basic or Digest authentication.  I'd like to  
provide a login form that 	uses XHR to authenticate the user before  
the actual request for a protected resource is sent.

The problem is that XHR does not handle the server's authentication  
challenge, delegating the work to the browser which shows the HTTP  
auth dialog.  I've tired various approaches such as including the  
username and password in the URL e.g. http:// 
<username>:<password>@host/path but none of these seem to work.

The form's onsubmit handler is shown below, a complete test case with  
a PHP server-side implementation attached.  I've tried the test case  
both on Safari 417.8 and the webkit nightly build.  The test case  
works fine on Firefox.

Is this a limitation of webkit's XHR implementation or is there  
another way to do HTTP auth with it that I'm missing?


function login() {
     var url = loginForm.action;
     var username = document.getElementById("username").value;
     var password = document.getElementById("password").value;

     var http = new XMLHttpRequest();
     http.open("get", url, false, username, password);
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.macosforge.org/pipermail/webkit-dev/attachments/20060320/5e09ecca/PGP.bin

More information about the webkit-dev mailing list