[webkit-dev] Using HTTP Auth with XHR

Eric Seidel eseidel at apple.com
Mon Mar 20 02:28:55 PST 2006 

Viewing rdar urls requires having Radar, an internal apple tool.

Perhaps, I should not have included the URL.  I did so for the  
benefit for those few on this list with Radar access.

My apologies for any confusion.

-eric


On Mar 20, 2006, at 2:18 AM, Adam Ratcliffe wrote:

> Hi Eric
>
> Thanks for confirming this.
>
> BTW what client do I use to view rdar: URLs?  I tried Safari but it  
> doesn't recognize the protocol.
>
> Cheers
> Adam
>
> On 20 Mar, 2006, at 8:06 PM, Eric Seidel wrote:
>
>> I believe this is a known issue:
>>
>> <rdar://problem/4335156> XMLHttpRequest ignores username/password  
>> passed to open()
>>
>> I need to go ahead and move that radar into bugzilla (or you  
>> should feel free to file one!), which will make it easier (for  
>> someone other than me) to fix.
>>
>> I don't know of any work-arounds.
>>
>> -eric
>>
>> p.s. Instructions on filing WebKit bugs are available from our  
>> website: http://www.webkit.org/
>>
>>
>> On Mar 19, 2006, at 9:41 PM, Adam Ratcliffe wrote:
>>
>>> Hi,
>>>
>>> I'm developing a DHTML application that interacts with a REST API  
>>> that uses either HTTP Basic or Digest authentication.  I'd like  
>>> to provide a login form that 	uses XHR to authenticate the user  
>>> before the actual request for a protected resource is sent.
>>>
>>> The problem is that XHR does not handle the server's  
>>> authentication challenge, delegating the work to the browser  
>>> which shows the HTTP auth dialog.  I've tired various approaches  
>>> such as including the username and password in the URL e.g.  
>>> http://<username>:<password>@host/path but none of these seem to  
>>> work.
>>>
>>> The form's onsubmit handler is shown below, a complete test case  
>>> with a PHP server-side implementation attached.  I've tried the  
>>> test case both on Safari 417.8 and the webkit nightly build.  The  
>>> test case works fine on Firefox.
>>>
>>> Is this a limitation of webkit's XHR implementation or is there  
>>> another way to do HTTP auth with it that I'm missing?
>>>
>>> Cheers
>>> Adam
>>>
>>> function login() {
>>>     var url = loginForm.action;
>>>     var username = document.getElementById("username").value;
>>>     var password = document.getElementById("password").value;
>>>
>>>     var http = new XMLHttpRequest();
>>>     http.open("get", url, false, username, password);
>>>     http.send("");
>>> }
>>> _______________________________________________
>>> webkit-dev mailing list
>>> webkit-dev at opendarwin.org
>>> http://www.opendarwin.org/mailman/listinfo/webkit-dev
>>
>>
>>
>
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at opendarwin.org
> http://www.opendarwin.org/mailman/listinfo/webkit-dev

More information about the webkit-dev mailing list