XMLHttpRequest使用用户名/密码发送GET HTTP请求 [英] XMLHttpRequest to send a GET HTTP request with an username/password

问题描述

我开发Chrome时使用XMLHttpRequest将带有用户名/密码的GET HTTP请求发送到基本身份验证受保护的URL，以便之后可以自动登录（因为Chrome会缓存基本HTTP身份凭证-auth）。

下面是我使用的代码：

  var xml = new XMLHttpRequest（）; 
 xml.open（'GET'，< url>，false，< username>，< password>）
 xml.send（''）; 
  

经过一些额外的研究后，我发现它可能与Chrome 19不支持用户名：pwd @ url语法，用于验证basic-auth受保护的URL，因为当我发送XMLHttpRequest时，我在Google Chrome的js控制台中看到了这一点：
$ b

GET http：// user：pass@domain.com 401（未授权）

我的功能

<$ p

有人知道这是否是一个错误，或者Chrome是否停止支持此功能？ $ p> function autoLogin（domain，user，password）{
var httpAuth;

if（window.XMLHttpRequest）{
httpAuth = new XMLHttpRequest（）; //代码为IE7 +，Firefox，Chrome，Opera，Safari
}
else if（window.ActiveXObject）{
httpAuth = new ActiveXObject（Microsoft.XMLHTTP）; // code for IE6，IE5
}
else {
alert（Seu browsernãosuportaautenticaçãoxml。Favor autenticar no popup！）;
}

var userName = domain +\\+ user;

httpAuth.open（GET，/_layouts/settings.aspx，false，userName，password）;
httpAuth.onreadystatechange = function（）{
if（httpAuth.status == 401）{
alert（Usuárioe / ou senhainválidos。）;
eraseCookie（'AutoLoginCookieUserControl_User'）;
eraseCookie（'AutoLoginCookieUserControl_Password'）; $（$'$'）
$ b $ {
if（$（。pnlLogin）。（'：visible'））{
$（。pnlLogin）。hide（）;
$（。pnlUsuario）。css（display，block）;
$（。avatar）。css（display，block）;
var name = $（）。SPServices.SPGetCurrentUser（{fieldName：Title}）;
$（。loginNomeUsuario）。html（Seja Bem Vindo（a）< br />+ name）;
}
}
}
var userAgent = navigator.userAgent.toLowerCase（）;
$ .browser.chrome = /chrome/.test（navigator.userAgent.toLowerCase（））;

if（$ .browser.chrome == true）{
httpAuth.setRequestHeader（Authorization，Basic+ btoa（userName +：+ password））;
}
尝试{
httpAuth.send（）;
}
catch（err）{
console.log（err）;



$ div $解析方案

你需要手动添加头文件到XHR请求。

xml.setRequestHeader（Authorization，Basic+ btoa（username +：+ password） p>

此处演示： http://jsbin.com/inuhiv/2 （ NOte，没有什么可以认证的，但是看devtools并看到请求有auth头文件）

I develop a Chrome uses XMLHttpRequest to send a GET HTTP request with an username/password to a basic-auth-protected URL, so that it can then "auto-login" to it afterwards (since Chrome caches credentials for HTTP basic-auth).

Here's the code I use:

  var xml = new XMLHttpRequest();
  xml.open('GET',<url>,false,<username>,<password>)
  xml.send('');

After some additional research, I found out that it might have to do with Chrome 19 not supporting the username:pwd@url syntax for authenticating to basic-auth protected URLs, because when I send the XMLHttpRequest, I see this in Google Chrome's js console:

GET http://user:pass@domain.com 401 (Unauthorized)

Does anyone know whether it's a bug or if Chrome stopped supporting this feature?

My function

function autoLogin(domain, user, password) {
        var httpAuth;

        if (window.XMLHttpRequest) {
            httpAuth = new XMLHttpRequest(); // code for IE7+, Firefox, Chrome, Opera, Safari
        }
        else if (window.ActiveXObject) {
            httpAuth = new ActiveXObject("Microsoft.XMLHTTP"); // code for IE6, IE5
        }
        else {
            alert("Seu browser não suporta autenticação xml. Favor autenticar no popup!");
        }

        var userName = domain + "\\" + user;

        httpAuth.open("GET", "/_layouts/settings.aspx", false, userName, password);
        httpAuth.onreadystatechange = function () {
            if (httpAuth.status == 401) {
                alert("Usuário e/ou senha inválidos.");
                eraseCookie('AutoLoginCookieUserControl_User');
                eraseCookie('AutoLoginCookieUserControl_Password');
            }
            else {
                if ($(".pnlLogin").is(':visible')) {
                    $(".pnlLogin").hide();
                    $(".pnlUsuario").css("display", "block");
                    $(".avatar").css("display", "block");
                    var name = $().SPServices.SPGetCurrentUser({ fieldName: "Title" });
                    $(".loginNomeUsuario").html("Seja Bem Vindo(a) <br />" + name);
                }
            }
        }
        var userAgent = navigator.userAgent.toLowerCase(); 
        $.browser.chrome = /chrome/.test(navigator.userAgent.toLowerCase());

        if ($.browser.chrome == true) {
            httpAuth.setRequestHeader("Authorization", "Basic " + btoa(userName + ":" + password));
        }
        try {
            httpAuth.send();
        }
        catch (err) {
            console.log(err);
        }
    }

解决方案

You need to add headers to the XHR request manually.

xml.setRequestHeader("Authorization", "Basic " + btoa(username + ":" + password))

Demo here: http://jsbin.com/inuhiv/2 (NOte, there is nothing to auth, however look at devtools and see the request has auth header)

这篇关于XMLHttpRequest使用用户名/密码发送GET HTTP请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！