XMLHttpRequest使用用户名/密码发送GET HTTP请求 [英] XMLHttpRequest to send a GET HTTP request with an username/password
问题描述
我开发Chrome时使用XMLHttpRequest将带有用户名/密码的GET HTTP请求发送到基本身份验证受保护的URL,以便之后可以自动登录(因为Chrome会缓存基本HTTP身份凭证-auth)。
下面是我使用的代码:
var xml = new XMLHttpRequest();
xml.open('GET',< url>,false,< username>,< password>)
xml.send('');
经过一些额外的研究后,我发现它可能与Chrome 19不支持用户名:pwd @ url语法,用于验证basic-auth受保护的URL,因为当我发送XMLHttpRequest时,我在Google Chrome的js控制台中看到了这一点:
$ b
GET http:// user:pass@domain.com 401(未授权)
我的功能
<$ p
function autoLogin(domain,user,password){
var httpAuth;
if(window.XMLHttpRequest){
httpAuth = new XMLHttpRequest(); //代码为IE7 +,Firefox,Chrome,Opera,Safari
}
else if(window.ActiveXObject){
httpAuth = new ActiveXObject(Microsoft.XMLHTTP); // code for IE6,IE5
}
else {
alert(Seu browsernãosuportaautenticaçãoxml。Favor autenticar no popup!);
}
var userName = domain +\\+ user;
httpAuth.open(GET,/_layouts/settings.aspx,false,userName,password);
httpAuth.onreadystatechange = function(){
if(httpAuth.status == 401){
alert(Usuárioe / ou senhainválidos。);
eraseCookie('AutoLoginCookieUserControl_User');
eraseCookie('AutoLoginCookieUserControl_Password'); $($'$')
$ b $ {
if($(。pnlLogin)。(':visible')){
$(。pnlLogin)。hide();
$(。pnlUsuario)。css(display,block);
$(。avatar)。css(display,block);
var name = $()。SPServices.SPGetCurrentUser({fieldName:Title});
$(。loginNomeUsuario)。html(Seja Bem Vindo(a)< br />+ name);
}
}
}
var userAgent = navigator.userAgent.toLowerCase();
$ .browser.chrome = /chrome/.test(navigator.userAgent.toLowerCase());
if($ .browser.chrome == true){
httpAuth.setRequestHeader(Authorization,Basic+ btoa(userName +:+ password));
}
尝试{
httpAuth.send();
}
catch(err){
console.log(err);
$ div $解析方案
你需要手动添加头文件到XHR请求。
xml.setRequestHeader(Authorization,Basic+ btoa(username +:+ password) p>
此处演示: http://jsbin.com/inuhiv/2 ( NOte,没有什么可以认证的,但是看devtools并看到请求有auth头文件)
I develop a Chrome uses XMLHttpRequest to send a GET HTTP request with an username/password to a basic-auth-protected URL, so that it can then "auto-login" to it afterwards (since Chrome caches credentials for HTTP basic-auth).
Here's the code I use:
var xml = new XMLHttpRequest();
xml.open('GET',<url>,false,<username>,<password>)
xml.send('');
After some additional research, I found out that it might have to do with Chrome 19 not supporting the username:pwd@url syntax for authenticating to basic-auth protected URLs, because when I send the XMLHttpRequest, I see this in Google Chrome's js console:
GET http://user:pass@domain.com 401 (Unauthorized)
Does anyone know whether it's a bug or if Chrome stopped supporting this feature?
My function
function autoLogin(domain, user, password) {
var httpAuth;
if (window.XMLHttpRequest) {
httpAuth = new XMLHttpRequest(); // code for IE7+, Firefox, Chrome, Opera, Safari
}
else if (window.ActiveXObject) {
httpAuth = new ActiveXObject("Microsoft.XMLHTTP"); // code for IE6, IE5
}
else {
alert("Seu browser não suporta autenticação xml. Favor autenticar no popup!");
}
var userName = domain + "\\" + user;
httpAuth.open("GET", "/_layouts/settings.aspx", false, userName, password);
httpAuth.onreadystatechange = function () {
if (httpAuth.status == 401) {
alert("Usuário e/ou senha inválidos.");
eraseCookie('AutoLoginCookieUserControl_User');
eraseCookie('AutoLoginCookieUserControl_Password');
}
else {
if ($(".pnlLogin").is(':visible')) {
$(".pnlLogin").hide();
$(".pnlUsuario").css("display", "block");
$(".avatar").css("display", "block");
var name = $().SPServices.SPGetCurrentUser({ fieldName: "Title" });
$(".loginNomeUsuario").html("Seja Bem Vindo(a) <br />" + name);
}
}
}
var userAgent = navigator.userAgent.toLowerCase();
$.browser.chrome = /chrome/.test(navigator.userAgent.toLowerCase());
if ($.browser.chrome == true) {
httpAuth.setRequestHeader("Authorization", "Basic " + btoa(userName + ":" + password));
}
try {
httpAuth.send();
}
catch (err) {
console.log(err);
}
}
You need to add headers to the XHR request manually.
xml.setRequestHeader("Authorization", "Basic " + btoa(username + ":" + password))
Demo here: http://jsbin.com/inuhiv/2 (NOte, there is nothing to auth, however look at devtools and see the request has auth header)
这篇关于XMLHttpRequest使用用户名/密码发送GET HTTP请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!