Menu
I am attempting to use XMLHTTPRequest to get an update on twitter.
var XMLReq = new XMLHttpRequest(); XMLReq.open("GET", "http://twitter.com/account/verify_credentials.json", false, "TestAct", "password"); XMLReq.send(null); However, using my sniffer I cannot see any authorization headers being passed through. Hence, I get a 401 error response from Twitter.
The account and password are correctly entered.
Anyone attempt this? Can anyone give me some pointers? Thank you.
837
Basic Auth: The client sends HTTP requests with the Authorization header that contains the word Basic, followed by a space and a base64-encoded(non-encrypted) string username: password. For example, to authorize as username / Pa$$w0rd the client would send.
XMLHttpRequest can make cross-origin requests, using the same CORS policy as fetch. Just like fetch , it doesn't send cookies and HTTP-authorization to another origin by default.
The XMLHttpRequest. withCredentials property is a boolean value that indicates whether or not cross-site Access-Control requests should be made using credentials such as cookies, authorization headers or TLS client certificates. Setting withCredentials has no effect on same-origin requests.
You just need to add a Authorization header, an user name and password in a base64 encoded string as follows.
XMLReq.setRequestHeader("Authorization", "Basic " + btoa("username:password")); In cross-origin requests, you have to explicitly set the withCredentials flag if you want user credentials to be sent.
See http://www.w3.org/TR/XMLHttpRequest/#the-withcredentials-attribute (where user credentials includes HTTP authentication)
41
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
