[Webkit-unassigned] [Bug 45943] CORS: Cross-domain PROPFIND XHR request for servers with authentication does not work in Safari.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Sep 20 21:47:33 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=45943
--- Comment #4 from Vladimir Lichman <info at ithit.com> 2010-09-20 21:47:33 PST ---
Alexey, what we are trying to implement a Ajax interface for WebDAV server. WebDAV server does not have any user interface and no UI for authentication as well. Most WebDAV servers use Basic, Digest or Integrated Windows authentication. What would be the correct approach in this case?
Our customers request a cross domain support as it is inconvenient for them (and often not possible) to deploy JavaScript files, HTML pages and images to existing WebDAV server. It looks like this is the only blocking issue left.
(In reply to comment #3)
> This doesn't depend on the method. Here is what XMLHttpRequest 2 draft spec says:
>
> -------------
> If authentication fails, XMLHttpRequest origin and the request URL are same origin, Authorization is not in the list of author request headers, request username is null, and request password is null, user agents should prompt the end user for their username and password.
>
> Otherwise, if authentication fails, user agents must not prompt the end user for their username and password.
> -------------
>
> Note that for requests that are not same origin, we must not prompt the user.
>
> > Does this mean that before sending PROPFIND to server with Basic auth we have to send GET request somehow (for example include a hidden iframe on a page)?
>
> This may work, but it really shouldn't - it makes no sense to display an authorization dialog for a site other than the one the user has navigated to. If this works, perhaps we should prevent it in the future.
>
> A much better UI would be to let the user know what they doing by prominently displaying the other site's UI for authentication.
>
> > By the way cross-origin XHR request for PROPFIND works in Firefox with Digest auth.
>
> If Firefox asks for credentials when making cross origin XMLHttpRequests, then it's a Firefox bug.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list