W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2012

Re: [XHR] Authentication prompt during send()

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 26 Apr 2012 14:38:11 +0200
To: "public-webapps@w3.org" <public-webapps@w3.org>, "Hobbs, Timothy" <Timothy.Hobbs@ca.com>
Message-ID: <op.wddhdxzu64w2qv@annevk-macbookpro.local>
On Tue, 17 Apr 2012 14:40:33 +0200, Hobbs, Timothy <Timothy.Hobbs@ca.com>  
> Is my interpretation of the XMLHttpRequest specification flawed, is  
> there a need for the browser behavior to change, or is my requirement  
> just not serious enough?

The idea is that if you provide user/password, the browser does not  
transmit them to the server but first waits to get challenged. If  
challenged another request is made with the appropriate user/password. If  
that fails the user should not be prompted. However, I believe this  
behavior has not been universally implemented thus far and the way HTTP  
authentication works does not make it easy to write tests for. (At least  
I've had trouble creating exhaustive tests and reverse engineering the  
appropriate behavior so I mostly gave up and have been hoping for someone  
to fill me in on the details.)

Anne van Kesteren
Received on Thursday, 26 April 2012 12:38:50 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:13:33 UTC