[webkit-help] HTTP Authorization Header not seen, when using XHR with username/password on webkit
Alexey Proskuryakov
ap at webkit.org
Wed Jun 23 10:33:38 PDT 2010
23.06.2010, в 7:57, Stuart Chi Chuen Ng написал(а):
> Xhr.open(‘GET’, ‘’, false, ‘user’, ‘password’);
Synchronous XMLHttpRequest is slightly less tested than asynchronous,
but it should work, and we have test coverage for it.
For security reasons, programmatically provided credentials are
ignored for cross-origin requests.
> Questions:
>
> By calling this and then send, should I see the ‘Authorization’
> HTTP Header being sent with username/password Base 64 encoded? I use
> Packet sniffer and can not see this header being sent at all.
You describe Basic authorization scheme here. The server tells us what
scheme to use.
> Does this only work after a HTTP 401 was received?
Yes, it should be received at least once. After that, we may cache the
protection space information, and send credentials preemptively.
- WBR, Alexey Proskuryakov
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-help/attachments/20100623/e86fe334/attachment.html>
More information about the webkit-help
mailing list