[whatwg] connecting usernames and passwords

On Fri, 17 Dec 2004, Matthew Thomas wrote:
> 
> Future browsers could, instead of displaying an alert for HTTP 
> authentication, provide the authentication UI in a panel at the top of 
> the non-authenticated page (fixing annoying modality issues in the 
> process). That wouldn't require any change to HTTP authentication 
> either.

A very interesting idea. The problem with that is that if you show the
401 page at the moment, you'll get something like:

    401 UNAUTHORIZED

    YOU DO NOT HAVE THE PROPER PERMISSIONS



   ___________________________________________________________
    Username: [_____]  Password: [_______]   (Login)      [X]

...whenever you reach an HTTP-protected page, which is suboptimal at
best.

We could get around that by saying that you can include
WWW-Authenticate headers with 200 OK responses as well (nothing in
HTTP seems to say you can't), and that if you do, then the bar is
shown as above ("interactive user agents should provide a non-modal
authentication interface"). Then, if you've already sent your
credentials and you get a 401, then you get the 401 page and the bar,
instead of the modal dialog.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Thursday, 16 December 2004 21:08:56 UTC