[Webkit-unassigned] [Bug 7877] New: XMLHttpRequest ignores username/password passed to open()
bugzilla-daemon at opendarwin.org
bugzilla-daemon at opendarwin.org
Mon Mar 20 11:56:23 PST 2006
http://bugzilla.opendarwin.org/show_bug.cgi?id=7877
Summary: XMLHttpRequest ignores username/password passed to
open()
Product: WebKit
Version: 420+ (nightly)
Platform: Macintosh
OS/Version: Mac OS X 10.4
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: XML DOM
AssignedTo: webkit-unassigned at opendarwin.org
ReportedBy: adam at prema.co.nz
Webkit's XHR cannot currently be used to authenticate a user using HTTP
Authentication as the username and password parameters passed to open() are
ignored.
If requesting a protected resource using XHR the browser responds to the
server's challenge by showing the HTTP auth dialog.
Looking at the headers sent by Firefox it's XHR implementation sends the
username and password in the URL initially, the server responds with the
authentication challenge and XHR resends the request with the appropriate
Authorization header. Maybe Webkit's XHR should do the same?
One limitation of Firefox's XHR implementation, and probably IEs also, is that
it's not possible to control whether the browser's HTTP auth dialog is shown
when invalid credentials are sent with the XHR request. This limits its
usefulness in providing an alternative interface to the browser's dialog for
HTTP auth. It would be cool if Webkit could provide more flexibility in this
case.
--
Configure bugmail: http://bugzilla.opendarwin.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list