How do I keep Firefox from prompting for username/password with HTTP Basic Auth with JQuery AJAX?

匿名 (未验证) 提交于 2019-12-03 09:05:37

问题:

I'm writing some browser side dynamic functionality and using HTTP Basic Auth to protect some resources. The user experience is very important and is highly customized.

Here's a simple test JQuery method that eventually will test if a user has supplied the right credentials in a form:

$(document).ready(function() {     $("#submit").click(function() {     var token = Base64.encode($('#username').val() + ':' + $('#password').val());             $.ajax({       url: '/private',       method: 'GET',       async: false,       beforeSend: function(req) {         req.setRequestHeader('Authorization', 'test:password');       },       error: function(request, textStatus, error) {         if (request.status == 401) {           alert('401');         }       }     });     return false;   }); });

If they are not allowed to access /private, at the moment they should see just the alert box. However, on Firefox, a browser-provided login form pops up (to retry with new credentials). Safari does not do this.

We want to completely control the experience with custom forms, fades, transitions, etc. How can I keep Firefox's default box from being shown? (If this will be an issue when we test for IE, I'd love to hear solutions there, too.)

回答1:

In case you haven't read it:

How can I supress the browser's authentication dialog?

Doesn't look too promising :)



回答2:

The solution is to set the WWW-Authenticate header to something other than Basic. For example set it to:

WWW-Authenticate: None

or

WWW-Authenticate: FormBased

if you use form based login. Then the browser will not show you a login window.



回答3:

Unfortunatly, I am hitting the same issue here.

In my opinion, Browsers should not give a prompt for an xmlhttprequest. I really wish someone would push that cause people are really wanting to move to jQuery for their auth needs.

Well here is the help I can give you, I found this jQuery Digest thing, I have no idea what it really does or anything, but if someone could take this code the right way, we could have a jquery digest auth system.

https://www.openhub.net/p/digestj

I would think with this handy new AuthDigestDomain option, we could have the above script rewritten or whatever and have the secured area 'linked' together and we could get past this problem once and for all. Well... best of luck =)



标签
fo
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!