Re: [XHR] Authentication prompt during send()

On Tue, 17 Apr 2012 14:40:33 +0200, Hobbs, Timothy <>  
> Is my interpretation of the XMLHttpRequest specification flawed, is  
> there a need for the browser behavior to change, or is my requirement  
> just not serious enough?

The idea is that if you provide user/password, the browser does not  
transmit them to the server but first waits to get challenged. If  
challenged another request is made with the appropriate user/password. If  
that fails the user should not be prompted. However, I believe this  
behavior has not been universally implemented thus far and the way HTTP  
authentication works does not make it easy to write tests for. (At least  
I've had trouble creating exhaustive tests and reverse engineering the  
appropriate behavior so I mostly gave up and have been hoping for someone  
to fill me in on the details.)

Anne van Kesteren

Received on Thursday, 26 April 2012 12:38:50 UTC