[webkit-help] HTTP Authorization Header not seen, when using XHR with username/password on webkit

Alexey Proskuryakov ap at webkit.org
Wed Jun 23 10:33:38 PDT 2010

23.06.2010, в 7:57, Stuart Chi Chuen Ng написал(а):

> Xhr.open(‘GET’, ‘’, false, ‘user’, ‘password’);

Synchronous XMLHttpRequest is slightly less tested than asynchronous,  
but it should work, and we have test coverage for it.

For security reasons, programmatically provided credentials are  
ignored for cross-origin requests.

> Questions:
> By calling this and then send, should I see the ‘Authorization’  
> HTTP Header being sent with username/password Base 64 encoded? I use  
> Packet sniffer and can not see this header being sent at all.

You describe Basic authorization scheme here. The server tells us what  
scheme to use.

> Does this only work after a HTTP 401 was received?

Yes, it should be received at least once. After that, we may cache the  
protection space information, and send credentials preemptively.

- WBR, Alexey Proskuryakov

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-help/attachments/20100623/e86fe334/attachment.html>

More information about the webkit-help mailing list