发表新帖
发表新帖

Avoid HTTP auth popup in a chrome extension (digest)

前端 未结
关注
3 1681
[愿得一人]
[愿得一人] 2021-02-01 09:39

I\'m currently developing a chrome extension, I need to access some http-auth protected resources (webdav). The HTTP auth is using (in the best case) a digest authentication.

相关标签:
3条回答
  • 忘了有多久
    2021-02-01 10:14

    It's really seems to be a lack in chrome behavior, other people are wishing to see something as the mozBakgroundRequest Chris highlighted, there already a a bug report for that.

    There are (hackish) workarounds suggested by some developers in the bugtracker :

    • use a webworker and a timeout to perform the request
    • do the same with the background page

    In both case, the benefit is that it won't pop an authentication box... But you will never know if it's a real server timeout or a 401. (I didn't tested those workarounds).

    0 讨论(0)
  • 悲&欢浪女
    2021-02-01 10:28

    I think this is impossible. If you are using the browser's http client then it will prompt the user for credentials on a 401.

    EDIT : Over in mozilla land https://developer.mozilla.org/en/XMLHttpRequest check out "mozBackgroundRequest".

    0 讨论(0)
  • 甜味超标
    2021-02-01 10:32

    Google Chrome teams has implented the onAuthRequired event in Google Chrome 22, so now is possible detect when the HTTP Basic Authentication is required.

    In fact I wrote a extension that automatically sends the HTTP Basic Authentication credentials using the onAuthRequired event.

    It is available for free in the official Google Chrome web store: https://chrome.google.com/webstore/detail/basic-authentication-auto/dgpgkkfheijbcgjklcbnokoleebmeokn

    Usage example of onAuthRequired event:

    sendCredentials = function(status)
{   
    console.log(status);
    return {username: "foo", password: "bar"};
}

chrome.webRequest.onAuthRequired.addListener(sendCredentials, {urls: ["<all_urls>"]}, ["blocking"]);

    You need to add the right permissions to the manifest file in order to use the onAuthRequired.

    "permissions": [ "http://*/*", "https://*/*", "webRequest", "webRequestBlocking", "tabs" ],

    Download the extensions and check the source code for a better approach.

    It should work even if the request was initiated from another extension.

    0 讨论(0)
 看不清?
提交回复
热议问题