XMLHTTPRequest + Authentication = Frustration
May 6, 2007
So I just spent the last 2 hours or so of my life buggering around with Ruby on Rails and trying to get it to do a RESTful login (i.e. one using HTTP Authorization headers, as opposed to the normal cookie stuff). There are some nice articles about pulling this feat off, such as here and here: the basic trick is to use XMLHTTPRequest to force the username/password from form fields into the browers authentication cache. However, it seems that if the resource your XMLHTTPRequest is trying to talk to never returns a 401 (Access Denied) then XMLHTTPRequest never feels the need to send the Authorization header at all, even if you specify a username and password for it. I’m really at a loss as to why it has this bizarre behaviour, so I’m really hoping I’ve misdiagnosed it, but it’s looking unlikely.
This afternoon has been my first serious attempt to play with Rails, and the whole thing has been nothing but frustration! As well as the usual the-web-is-crap issues like the above, I’ve had to contend with documentation that is scattered over the Ruby and Rails websites, when it exists at all! Some of the stuff I’ve had to use (like the base.send :helper_method call to expose some things neatly to my views) seem vital but don’t appear anywhere but as cursory mentions in changelogs. Furthermore, their habit of introducing breaking changes means some code examples I find don’t work without some obscure patching, and when things go wrong there is so much framework magic going on I have a hard time debugging it! Hopefully this feeling will fade with time, as lots of other people seem to praise Rails to the heavens, but I can’t remember even being this frustrated with a new technology :-).