Can I make AJAX work with HTTP authorization?
December 18, 2006 6:33 PM   Subscribe

Is it possible to make an AJAX request work with an HTTP authorization-protected server script?

I have a personal CGI script which is protected with a "require user" directive in the .htaccess file. I'm trying to add a little bit of AJAX to it, but it's not working. A look at the logs indicates that the requests from the XMLHttpRequest object are failing with a 401 ("Not authorized") error and aren't submitting a username.

Google searching wasn't very helpful; there are lots of sites about "http authorization" that also include the term "AJAX" but only as part of an ad or navigation feature. Is it possible to make AJAX requests send along the same authorization information as the browser, and if so, how?
posted by Godbert to Computers & Internet (5 answers total)
 
can you use the http://user:pass@server.com/blah.html format?
posted by null terminated at 6:37 PM on December 18, 2006


If not, you'll want to set the appropriate header using setRequestHeader(). See Wikipedia: Basic authentication.
posted by Khalad at 6:45 PM on December 18, 2006


Actually, it looks like the 4th and 5th parameter of the open() call take username and password values. Have you tried that?
posted by null terminated at 6:45 PM on December 18, 2006


As it turns out, I'm just an idiot. I had completely missed including the subdomain in the URL, and so the request was still hitting the same script, but for domain that I wasn't authorized for. I fixed that, and then it does pick up the authorization information from the browser. I appreciate the answers, though, especially since I hadn't considered looking for more params for open().
posted by Godbert at 6:55 PM on December 18, 2006


Just to follow up, the user:pass@server method is getting some criticism lately due to it being used in phishing attacks. Until it pays itself out I wouldn't recommend using it since it's a possibility some clients disable support for it in the future.
posted by sipher at 12:05 AM on December 19, 2006


« Older Can you identify this Peter Drucker quote:   |   Help me fix my subwoofer Newer »
This thread is closed to new comments.