
JavaScript redirect URL with Authorization header

I managed to successfully invoke a URL behind a directory in Apache that is protected with Basic Authentication (htpasswd, etc.). The Ajax GET request works normally and returns the protected content:

    var encoded = Base64.encode(username + ':' + password);
    $.ajax({
        url: "/app/test",
        type: "GET",
        beforeSend: function(xhr) {
            xhr.setRequestHeader('Authorization', 'Basic ' + encoded);
        },
        success: function() {
            window.location.href = '/app/test.html';
        }
    });

My original assumption was that once the web session had successfully authorized a request, it would make the redirection in the 'success' block possible without asking for user credentials. When this code block is invoked, the user has entered the username and password in a non-protected environment. However, when the redirect is invoked, the browser will pop up the login/password window.

Any suggestions on how I could pre-authorize a session with the Basic Authorization which would have been provided by the users?

hcabral asked Feb 18 '15 16:02


People also ask

Can you add headers to a redirect?

It's impossible to redirect to a page with custom headers set, no matter what language or framework you use. In other words, there's no way to trigger an HTTP redirect and cause the client (browser) to add a custom header.

How do I send the authorization header in HTTP?

The HTTP Authorization request header can be used to provide credentials that authenticate a user agent with a server, allowing access to a protected resource. The Authorization header is usually, but not always, sent after the user agent first attempts to request a protected resource without credentials.


1 Answer

Logging in with an AJAX request usually works because a successful AJAX request sets session cookies that will be sent in all subsequent requests transparently.

Maybe your cookies are set but for some reason are not set transparently: you can check with xhr.getAllResponseHeaders() / xhr.getResponseHeader() and after that set them with document.cookie.

If there are no session cookies, then this behaviour usually fails.

You can try to redirect with the username+password in the URL (not recommended because the username+password will probably be visible in the browser's address bar afterwards):

    window.location.href =
        window.location.protocol + "//" +
        username + ":" + password + "@" +
        window.location.hostname +
        (window.location.port ? ":" + window.location.port : "") +
        '/app/test.html';

Also, you should try delaying the redirection, because maybe it's working but you need to give the browser some extra time. Did you try:

    var encoded = Base64.encode(username + ':' + password);
    $.ajax({
        url: "/app/test",
        type: "GET",
        beforeSend: function(xhr) {
            xhr.setRequestHeader('Authorization', 'Basic ' + encoded);
        },
        success: function() {
            setTimeout(function() {
                window.location.href = '/app/test.html';
            }, 333);
        }
    });

user1039663 answered Sep 30 '22 09:09
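
The session-cookie mechanism the answer relies on, written out as an added example that is not part of the original question or answer: a login handler accepts the `Authorization: Basic` header from the Ajax call once and issues a cookie, which the browser then sends by itself on the later navigation to `/app/test.html`. It assumes a hypothetical Node.js backend instead of Apache's htpasswd check; the function names, the `sid` cookie name, and the demo account are all constructed for illustration.

```javascript
// Added example: exchange Basic credentials for a session cookie (Node.js).
// All names here are hypothetical; this is not code from the thread.
const nodeCrypto = require('node:crypto');

// Constructed demo account. A real service verifies against a password hash.
const USERS = new Map([['alice', 's3cret:pw']]);
const sessions = new Map(); // session token -> username

// Parse "Basic <base64(user:pass)>"; returns null for anything malformed.
function parseBasicAuth(header) {
  const m = /^Basic ([A-Za-z0-9+/]+={0,2})$/i.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // only the first ':' separates user and password
  if (sep < 0) return null;
  return { username: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Compare fixed-length digests in constant time to avoid a timing side channel.
function safeEqual(a, b) {
  const ha = nodeCrypto.createHash('sha256').update(a).digest();
  const hb = nodeCrypto.createHash('sha256').update(b).digest();
  return nodeCrypto.timingSafeEqual(ha, hb);
}

// Login step: the Ajax request carries the Authorization header here, once.
function login(headers) {
  const creds = parseBasicAuth(headers.authorization);
  const expected = creds ? USERS.get(creds.username) : undefined;
  if (!creds || expected === undefined || !safeEqual(creds.password, expected)) {
    return { status: 401, headers: {} };
  }
  const token = nodeCrypto.randomBytes(32).toString('hex');
  sessions.set(token, creds.username);
  // HttpOnly keeps the token away from page scripts; Secure restricts it to HTTPS.
  const cookie = `sid=${token}; Path=/app; HttpOnly; Secure; SameSite=Strict`;
  return { status: 204, headers: { 'Set-Cookie': cookie } };
}

// Navigation step: window.location sends the cookie, never the Authorization header.
function authorizeNavigation(headers) {
  const m = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(headers.cookie || '');
  return m ? sessions.get(m[1]) ?? null : null;
}
```

With this in place the password never appears in a URL, and the `success` callback can set `window.location.href` without a credential prompt, provided the page is served over HTTPS so the `Secure` cookie is sent.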