Open
Bug 221943
Opened 21 years ago
Updated 2 years ago
xmlhttprequest needs an alternate authentication method
Categories
(Core :: XML, defect)
Core
XML
Tracking
()
NEW
People
(Reporter: samuel, Unassigned)
References
Details
Attachments
(1 file)
6.18 KB,
patch
|
hjtoi-bugzilla
:
review-
|
Details | Diff | Splinter Review |
Sometimes applications using xmlhttprequest don't want the password dialog to pop up if authentication failed. It would be nice to get a callback or possibly just to not have the dialog and return an error if authentication fails.
Comment 1•21 years ago
|
||
if I'm right this bug blocks bug 197087.
Comment 3•20 years ago
|
||
this is a proposed idea to fix this bug more than a proposed patch. I've compiled with these changes, but I haven't tested it (because I haven't a testcase yet). But to make a first look it's ok, I think.
Updated•20 years ago
|
Attachment #142679 -
Flags: review?(hjtoi-bugzilla)
Ariel, the problem is that we should avoid changing the XMLHttpRequest interface. If that was ok, then this kind of approach would work, but the property would need to be declared off limits to web pages in all.js because of security reasons. Since this thing would be called from code with chrome privileges, it seems like you should be able to provide your own auth prompt implementation completely. Maybe we'll just need a sample here to show how it's done, and this bug can then be closed just by checking in a sample of how to do it, and not change any XMLHttpRequest code.
Updated•20 years ago
|
Attachment #142679 -
Flags: review?(hjtoi-bugzilla) → review-
Comment 5•20 years ago
|
||
I was thinking that I should be able to provide my own auth prompt. But I'm not sure now. I intended to use nsIAuthPrompt like a listener interface, as to provide a graphical independent way to get a username and a password. If I want to use nsIAuthPrompt in that way (in JS) I need to compile its idl to xpt, but I'm not sure if it's possible because I'll have a nsIAuthPrompt.h and nsIAuthPrompt.xpt with the same uuid number. So I'll try to extend nsIAuthPrompt with an empty interface with a different uuid number. Please, if you have a better/cleaner way to do that let me know.
Comment 6•20 years ago
|
||
I was thinking... is ok to change "open" method ? adding: xmlhttp.open( method, url, async, prompter ). I can build a nsIAuthPrompt like: var prompter = { prompt: function( dialogTitle, text, passwordRealm, savePassword, defText, result) { return this.promptPassword( dialogTitle, text, passwordRealm, savePassword, result ); }, promptPassword: function( dialogTitle, text, passwordRealm, savePassword, pwd) { return this.promptUsernameAndPassword( dialogTitle, text, passwordRealm, savePassword, new Object(), pwd ); }, promptUsernameAndPassword: function( dialogTitle, text, passwordRealm, savePassword, user, pwd) { /* here must be implemented a way to get username and password */ user.value = "mr_user"; pwd.value = "secret_pwd"; return true; } } but xmlhttp must to use it. how can I do that if I can't change the interface? :(
the interface for open is magical: 184 * Meant to be a script-only method for initializing a request. 185 * The parameters are similar to the ones detailed in the 186 * description of <code>openRequest</code>, but the last 187 * 3 are optional. 188 * 189 * Will abort currently active loads. 190 * 191 * After the initial response, all event listeners will be cleared. 192 * Call open() before setting new event listeners. 193 * 194 * @param method The HTTP method - either "POST" or "GET". Ignored 195 * if the URL is not a HTTP URL. 196 * @param url The URL to which to send the request. 197 * @param async (optional) Whether the request is synchronous or 198 * asynchronous i.e. whether send returns only after 199 * the response is received or if it returns immediately after 200 * sending the request. In the latter case, notification 201 * of completion is sent through the event listeners. 202 * The default value is true. 203 * This argument must be true if the multipart 204 * attribute has been set to true, or an exception will 205 * be thrown. 206 * @param user (optional) A username for authentication if necessary. 207 * The default value is the empty string 208 * @param password (optional) A password for authentication if necessary. 209 * The default value is the empty string 210 */ 211 void open(in AUTF8String method, in AUTF8String url); ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ note that it doesn't specify params 3 through 5. it's fairly easy to change param 4 so that it accepts either an authprompt or a string. but you probably need to do a security check on that to disallow random content from providing the auth prompt. This may actually affect me.
Comment 8•20 years ago
|
||
Did something related to this change between RC1 and RC2 of Firefox? XMLHttpRequest used to ask for user name and password if needed. In RC2 it just fails without the prompt.
(In reply to comment #8) > Did something related to this change between RC1 and RC2 of Firefox? > > XMLHttpRequest used to ask for user name and password if needed. In RC2 it just > fails without the prompt. You should file a new bug for that.
Reporter | ||
Comment 10•20 years ago
|
||
Although if this is true, it's a good thing for xmlrpc...
Comment 11•19 years ago
|
||
the RC1 to RC2 failing on authentication is probably related to bug #268216.
Updated•15 years ago
|
QA Contact: ashshbhatt → xml
Comment 12•2 years ago
|
||
The bug assignee didn't login in Bugzilla in the last 7 months, so the assignee is being reset.
Assignee: hjtoi-bugzilla → nobody
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•