有没有办法让Chrome打包的应用程序来处理Http BasicAuthentication [英] Is there a way for chrome packaged apps to handle Http BasicAuthentication
问题描述
我正在构建一个名为Git Crx的Chrome打包应用程序,顾名思义它需要使用HTTPS(智能协议)从远程git repos访问网络请求,但如果您尝试对网址执行XHR请求返回401,XHR将失败,而不使用正常的浏览器凭据机制,而以前打包的应用程序会显示浏览器正常凭据请求UI。
现在我认为这样做很有意义因为Chrome应用程序应该是独立的应用程序,而不仅仅是网页,他们恰好将Chrome用作运行时。
但问题是如何Chrome Apps现在是否处理使用正常http身份验证(返回401状态码)的网站的身份验证,而不是使用Chrome应用可用的身份验证API支持的OAuth?
所以在研究写这个问题的时候,我自己找到了答案......
首先基于从XHR响应中获取401作为状态,我可以设置Authorization头进行身份验证,并以QUnit测试用例的形式编写代码:
asyncTest(check can basic Basic Auth XHR,function(){
expect(1);
var authCreds =maks:s3cret;
var oReq = new XMLHttpRequest();
函数reqListener(){$ b $ if(this.status == 200){
等于(this.responseText.trim(),秘密,期待从服务器获得正确的res文本);
start();
} else if(this.status == 401){
oReq = new XMLHttpRequest();
oReq.onload = reqListener;
oReq.open(get,http://acme.test.com/auth-test,true );
oReq.setRequestHeader(Authorization,Basic+ btoa(authCreds));
oReq.send();
}
}
oReq.onload = reqListener;
oReq.open(get,http://acme.test.com/auth-test,true);
oReq.send();
});
但是,这是假设该方案是基本的,但它可能是Digest或NTLM,所以您还需要解析响应头以及...
var authType = oReq.getResponseHeader('WWW-Authenticate');
//根据类型做auth ...
希望这可以帮助其他人在未来的船...
I'm building a Chrome packaged app called Git Crx and as the name suggests it needs to go network requests to and from remote git repos using HTTPS (smart protocol) BUT if you attempt to do an XHR request to a url that returns 401, the XHR will fail without using the normal browser credentials machinery whereas previously packaged apps would show the browsers normal credentials request UI.
Now I think that does makes sense to me now, as Chrome Apps are supposed to be stand alone apps and not just webpages, they just happen to use the Chrome as a runtime.
But then the question is how do Chrome Apps now deal with authentication for sites that use normal http authentication (return 401 status code) instead of using OAuth which is supported by the authentication APIs available to Chrome apps?
So in researching to write this question well, I found my answer myself...
First based on getting back a 401 as the status from the XHR response, I can set the Authorization header to do authentication, heres code in the form of a QUnit test case:
asyncTest("check can do Basic Auth XHR", function() {
expect(1);
var authCreds = "maks:s3cret";
var oReq = new XMLHttpRequest();
function reqListener () {
if (this.status == 200) {
equal(this.responseText.trim(), "the secret", "expect correct res text from server");
start();
} else if (this.status == 401) {
oReq = new XMLHttpRequest();
oReq.onload = reqListener;
oReq.open("get", "http://acme.test.com/auth-test", true);
oReq.setRequestHeader("Authorization", "Basic "+btoa(authCreds));
oReq.send();
}
}
oReq.onload = reqListener;
oReq.open("get", "http://acme.test.com/auth-test", true);
oReq.send();
});
But that is making an assumption that the scheme is Basic but it could be Digest or NTLM, so you also need to parse the response header as well...
var authType = oReq.getResponseHeader('WWW-Authenticate');
// do auth based on type...
Hope this helps others in the same boat in the future...
这篇关于有没有办法让Chrome打包的应用程序来处理Http BasicAuthentication的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
