避免在一个Chrome扩展HTTP认证弹出(摘要) [英] Avoid HTTP auth popup in a chrome extension (digest)
问题描述
我目前正在开发一个Chrome扩展,我需要访问一些HTTP的身份验证保护的资源管理(WebDAV)。该HTTP认证使用(在最好的情况下)摘要认证。
I'm currently developing a chrome extension, I need to access some http-auth protected resources (webdav). The HTTP auth is using (in the best case) a digest authentication.
我能够直接使用的Ajax请求做AUTH的<一个href="https://login:password@domain.tld/path/to/ressource">https://login:password@domain.tld/path/to/ressource形式。
I'm able to do the auth directly in the ajax request using the https://login:password@domain.tld/path/to/ressource form.
的问题是:如果登录/密码错误,我不能只是得到一个401状态(非授权),Chrome浏览器弹出的常规身份验证对话框。我不希望因为它是迷惑用户,我不能在这里保存的凭证。
The issue is : if the login/password is wrong, I can't just get a 401 status (unauthorized), Chrome pops up the regular authentication dialog. Which I don't want cause it's confusing for user and I can't save the credentials from here.
编辑:另外一个用例我面临的是:我要检查,如果资源被密码保护的,但不尝试提供凭据actualy访问它
Another use-case I faced is : I want to check if a resource is password-protected without trying to provide credentials to actualy access it.
这是如何捕捉到401无坡平了Chrome浏览器的身份验证对话框?任何想法
Any ideas on how to catch the 401 without poping the Chrome's auth box ?
推荐答案
谷歌浏览器团队已经implented的onAuthRequired事件在谷歌浏览器22,所以现在是可能的,当HTTP基本认证是必需的检测。
Google Chrome teams has implented the onAuthRequired event in Google Chrome 22, so now is possible detect when the HTTP Basic Authentication is required.
其实我写了一个扩展使用onAuthRequired事件自动发送的HTTP基本身份验证凭据。
In fact I wrote a extension that automatically sends the HTTP Basic Authentication credentials using the onAuthRequired event.
这是免费的,在谷歌官方的Chrome Web Store: <一href="https://chrome.google.com/webstore/detail/basic-authentication-auto/dgpgkkfheijbcgjklcbnokoleebmeokn" rel="nofollow">https://chrome.google.com/webstore/detail/basic-authentication-auto/dgpgkkfheijbcgjklcbnokoleebmeokn
It is available for free in the official Google Chrome web store: https://chrome.google.com/webstore/detail/basic-authentication-auto/dgpgkkfheijbcgjklcbnokoleebmeokn
onAuthRequired事件的用法例如:
Usage example of onAuthRequired event:
sendCredentials = function(status)
{
console.log(status);
return {username: "foo", password: "bar"};
}
chrome.webRequest.onAuthRequired.addListener(sendCredentials, {urls: ["<all_urls>"]}, ["blocking"]);
您需要正确的权限添加到清单文件,以使用onAuthRequired。
You need to add the right permissions to the manifest file in order to use the onAuthRequired.
"permissions": [ "http://*/*", "https://*/*", "webRequest", "webRequestBlocking", "tabs" ],
下载的扩展和检查源$ C $下一个更好的办法。
Download the extensions and check the source code for a better approach.
即使请求来自另一部分启动它应该工作。
It should work even if the request was initiated from another extension.
这篇关于避免在一个Chrome扩展HTTP认证弹出(摘要)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!