Comments on: XMLHTTPRequest + Authentication = Frustration http://bloggablea.wordpress.com/2007/05/06/xmlhttprequest-authentication-frustration/ Programming language geek-outs with your host, Max Bolingbroke Wed, 22 Apr 2009 11:47:14 +0000 http://wordpress.com/ hourly 1 By: Fuzzyman http://bloggablea.wordpress.com/2007/05/06/xmlhttprequest-authentication-frustration/#comment-38 Fuzzyman Mon, 07 May 2007 14:12:29 +0000 http://bloggablea.wordpress.com/2007/05/06/xmlhttprequest-authentication-frustration/#comment-38 It seemed to do fine escaping the angle brackets in your actual post... ;-) It seemed to do fine escaping the angle brackets in your actual post… ;-)

]]> By: Frustration + Lazyweb = Results « :: (Bloggable a) => a -> IO () http://bloggablea.wordpress.com/2007/05/06/xmlhttprequest-authentication-frustration/#comment-37 Frustration + Lazyweb = Results « :: (Bloggable a) => a -> IO () Mon, 07 May 2007 14:09:27 +0000 http://bloggablea.wordpress.com/2007/05/06/xmlhttprequest-authentication-frustration/#comment-37 [...] 7th, 2007 OK, to follow up on my last post about the quirks of XMLHTTPRequest, fuzzyman very kindly provided most of the solution I [...] [...] 7th, 2007 OK, to follow up on my last post about the quirks of XMLHTTPRequest, fuzzyman very kindly provided most of the solution I [...]

]]> By: batterseapower http://bloggablea.wordpress.com/2007/05/06/xmlhttprequest-authentication-frustration/#comment-35 batterseapower Mon, 07 May 2007 13:08:56 +0000 http://bloggablea.wordpress.com/2007/05/06/xmlhttprequest-authentication-frustration/#comment-35 Um, yeah. It seems that wordpress doesn't escape angle brackets... thats almost unbelievably bad :). Anyway, I wrote something like this: Ah, is -that- the trick? Thanks for the tip: I'll try it out ASAP, but if only there were a place where this stuff was specified.. I still think the default behaviour shoud be to send an authorization header if username/password are specified in the AJAX call (and indeed all the HTTP clients I've written do this), since it doesn't do any harm and can avoid one round trip to the server if the URL requires authentication, which should be the usual case.. Um, yeah. It seems that wordpress doesn’t escape angle brackets… thats almost unbelievably bad :) .

Anyway, I wrote something like this:
Ah, is -that- the trick? Thanks for the tip: I’ll try it out ASAP, but if only there were a place where this stuff was specified..

I still think the default behaviour shoud be to send an authorization header if username/password are specified in the AJAX call (and indeed all the HTTP clients I’ve written do this), since it doesn’t do any harm and can avoid one round trip to the server if the URL requires authentication, which should be the usual case..

]]> By: batterseapower http://bloggablea.wordpress.com/2007/05/06/xmlhttprequest-authentication-frustration/#comment-34 batterseapower Mon, 07 May 2007 13:05:44 +0000 http://bloggablea.wordpress.com/2007/05/06/xmlhttprequest-authentication-frustration/#comment-34 Ah, is >that Ah, is >that

]]> By: Fuzzyman http://bloggablea.wordpress.com/2007/05/06/xmlhttprequest-authentication-frustration/#comment-33 Fuzzyman Mon, 07 May 2007 12:47:08 +0000 http://bloggablea.wordpress.com/2007/05/06/xmlhttprequest-authentication-frustration/#comment-33 Doesn't the trick with authentication rely on having one URL that *does* raise a 401, so that the headers will be sent? After that, most browsers then send the headers with every request. Doesn’t the trick with authentication rely on having one URL that *does* raise a 401, so that the headers will be sent?

After that, most browsers then send the headers with every request.

]]>