[webkit-dev] Using HTTP Auth with XHR

Adam Ratcliffe adam at prema.co.nz
Mon Mar 20 02:18:24 PST 2006

Hi Eric

Thanks for confirming this.

BTW what client do I use to view rdar: URLs?  I tried Safari but it  
doesn't recognize the protocol.


On 20 Mar, 2006, at 8:06 PM, Eric Seidel wrote:

> I believe this is a known issue:
> <rdar://problem/4335156> XMLHttpRequest ignores username/password  
> passed to open()
> I need to go ahead and move that radar into bugzilla (or you should  
> feel free to file one!), which will make it easier (for someone  
> other than me) to fix.
> I don't know of any work-arounds.
> -eric
> p.s. Instructions on filing WebKit bugs are available from our  
> website: http://www.webkit.org/
> On Mar 19, 2006, at 9:41 PM, Adam Ratcliffe wrote:
>> Hi,
>> I'm developing a DHTML application that interacts with a REST API  
>> that uses either HTTP Basic or Digest authentication.  I'd like to  
>> provide a login form that 	uses XHR to authenticate the user  
>> before the actual request for a protected resource is sent.
>> The problem is that XHR does not handle the server's  
>> authentication challenge, delegating the work to the browser which  
>> shows the HTTP auth dialog.  I've tired various approaches such as  
>> including the username and password in the URL e.g. http:// 
>> <username>:<password>@host/path but none of these seem to work.
>> The form's onsubmit handler is shown below, a complete test case  
>> with a PHP server-side implementation attached.  I've tried the  
>> test case both on Safari 417.8 and the webkit nightly build.  The  
>> test case works fine on Firefox.
>> Is this a limitation of webkit's XHR implementation or is there  
>> another way to do HTTP auth with it that I'm missing?
>> Cheers
>> Adam
>> function login() {
>>     var url = loginForm.action;
>>     var username = document.getElementById("username").value;
>>     var password = document.getElementById("password").value;
>>     var http = new XMLHttpRequest();
>>     http.open("get", url, false, username, password);
>>     http.send("");
>> }
>> _______________________________________________
>> webkit-dev mailing list
>> webkit-dev at opendarwin.org
>> http://www.opendarwin.org/mailman/listinfo/webkit-dev

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.macosforge.org/pipermail/webkit-dev/attachments/20060320/5296be81/PGP.bin

More information about the webkit-dev mailing list