Menu
I have implemented a web server which uses Basic authentication(using spring security).
I disabled the default authentication entry point when accessing a URL (instead of responding 401 with www-authentication header, it just returns 401), the purpose is to prevent the browser from displaying the authentication popup.
I am able to connect to the server with javascript code and command line tools like curl, however when I tested it with browsers (chrome & firefox), they just don't send the header.
curl -v -u user:password localhost:8080/user
GET /user HTTP/1.1
Host: localhost:8080
Authorization: Basic dXNlcjpwYXNzd29yZA==
User-Agent: curl/7.58.0
Accept: /
Chrome: version 71.0.3578.98 (Official Build) (64-bit)
http://user:password@localhost:8080/user
GET /user HTTP/1.1
Host: localhost:8080
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
DNT: 1
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8
Accept-Encoding: gzip, deflate, br Accept-Language: en-AU,en;q=0.9,fr-FR;q=0.8,fr;q=0.7,en-GB;q=0.6,en-US;q=0.5
Why the browsers are not sending the authentication header.
367
The Backend adds a valid token as Authorization part to the header. To manipulate HTML-request with a browser you need a plugin like https://addons.mozilla.org/de/firefox/addon/restclient/ or an extra tool like postman, SoapUI, httpie or curl (included in many linux distros).
It is indeed not possible to pass the username and password via query parameters in standard HTTP auth. Instead, you use a special URL format, like this: http://username:[email protected]/ -- this sends the credentials in the standard HTTP "Authorization" header.
Select Control Center from the Account or dropdown menu (☰) on the Dashboard. Tap Account Verification. Then tap Generate in the Authorize a New Device section. Input the code on your new device or browser, and you're in.
Normally the Browser gets the Auth-token after login. The Backend adds a valid token as Authorization part to the header. To manipulate HTML-request with a browser you need a plugin like https://addons.mozilla.org/de/firefox/addon/restclient/ or an extra tool like postman, SoapUI, httpie or curl (included in many linux distros).
109
Actually You can. With the help of Client Side JavaScript you can send. Use AJAX request. Pass Authentication token in xhr request param.
<script type='text/javascript'>
// define vars
var url = 'https://...';
// ajax call
$.ajax({
url: url,
dataType : 'jsonp',
beforeSend : function(xhr) {
// set header if JWT is set
if ($window.sessionStorage.token) {
xhr.setRequestHeader("Authorization", "Bearer " + $window.sessionStorage.token);
}
},
error : function() {
// error handler
},
success: function(data) {
// success handler //can redirect to any route of your wish
}
});
</script>
P.S. - I got hint from Where to save a JWT in a browser-based application and how to use it
39
I found your question because I was looking for the same thing !
However, I installed https://modheader.com/ and it works perfectly !!
you call follow the install process and then add any header you want:
22
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
