避免在一个Chrome扩展HTTP认证弹出（摘要） [英] Avoid HTTP auth popup in a chrome extension (digest)

问题描述

我目前正在开发一个Chrome扩展，我需要访问一些HTTP的身份验证保护的资源管理（WebDAV）。该HTTP认证使用（在最好的情况下）摘要认证。

I'm currently developing a chrome extension, I need to access some http-auth protected resources (webdav). The HTTP auth is using (in the best case) a digest authentication.

我能够直接使用的Ajax请求做AUTH的<一个href="https://login:password@domain.tld/path/to/ressource">https://login:password@domain.tld/path/to/ressource形式。

I'm able to do the auth directly in the ajax request using the https://login:password@domain.tld/path/to/ressource form.

的问题是：如果登录/密码错误，我不能只是得到一个401状态（非授权），Chrome浏览器弹出的常规身份验证对话框。我不希望因为它是迷惑用户，我不能在这里保存的凭证。

The issue is : if the login/password is wrong, I can't just get a 401 status (unauthorized), Chrome pops up the regular authentication dialog. Which I don't want cause it's confusing for user and I can't save the credentials from here.

编辑：另外一个用例我面临的是：我要检查，如果资源被密码保护的，但不尝试提供凭据actualy访问它

Another use-case I faced is : I want to check if a resource is password-protected without trying to provide credentials to actualy access it.

这是如何捕捉到401无坡平了Chrome浏览器的身份验证对话框？任何想法

Any ideas on how to catch the 401 without poping the Chrome's auth box ?

推荐答案

谷歌浏览器团队已经implented的onAuthRequired事件在谷歌浏览器22，所以现在是可能的，当HTTP基本认证是必需的检测。

Google Chrome teams has implented the onAuthRequired event in Google Chrome 22, so now is possible detect when the HTTP Basic Authentication is required.

其实我写了一个扩展使用onAuthRequired事件自动发送的HTTP基本身份验证凭据。

In fact I wrote a extension that automatically sends the HTTP Basic Authentication credentials using the onAuthRequired event.

这是免费的，在谷歌官方的Chrome Web Store： <一href="https://chrome.google.com/webstore/detail/basic-authentication-auto/dgpgkkfheijbcgjklcbnokoleebmeokn" rel="nofollow">https://chrome.google.com/webstore/detail/basic-authentication-auto/dgpgkkfheijbcgjklcbnokoleebmeokn

It is available for free in the official Google Chrome web store: https://chrome.google.com/webstore/detail/basic-authentication-auto/dgpgkkfheijbcgjklcbnokoleebmeokn

onAuthRequired事件的用法例如：

Usage example of onAuthRequired event:

sendCredentials = function(status)
{   
    console.log(status);
    return {username: "foo", password: "bar"};
}

chrome.webRequest.onAuthRequired.addListener(sendCredentials, {urls: ["<all_urls>"]}, ["blocking"]);

您需要正确的权限添加到清单文件，以使用onAuthRequired。

You need to add the right permissions to the manifest file in order to use the onAuthRequired.

"permissions": [ "http://*/*", "https://*/*", "webRequest", "webRequestBlocking", "tabs" ],

下载的扩展和检查源$ C ​​$下一个更好的办法。

Download the extensions and check the source code for a better approach.

即使请求来自另一部分启动它应该工作。

It should work even if the request was initiated from another extension.

这篇关于避免在一个Chrome扩展HTTP认证弹出（摘要）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！