ajax requests don't send http auth credentials even if you are already authenticated
Reported by teo8...@gmail.com, Mar 1 2016

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36

Steps to reproduce the problem:
0. keep DevTools open, look at the Network tab
1. go to http://output.jsbin.com/soyekid
2. now visit http://matteosistisette.com/test/stupidchrome/auth1/ajaxdata.php
3. When prompted for http authentication, enter these credentials: user: auth1 passwd: auth1
4. Go back to http://output.jsbin.com/soyekid

What is the expected behavior?
At step 1, you should (and do) see a blank page, and in Network tab a failed request to ajaxdata.php with response "401 Authorization required".
At step 4, however, the javascript request to ajaxdata.php should automatically send the credentials, because you are already authenticated, and should succeed, and hence you should see the dynamically loaded text "HERE's YOUR DATA" in the page.

What went wrong?
Step 1 is as expected, but at step 4 the same happens as at step 1.

Did this work before? N/A

Chrome version: 48.0.2564.116 Channel: n/a
OS Version:
Flash Version: Shockwave Flash 20.0 r0

I seem to remember seeing a bug report about this very issue, but I couldn't find it. The search engine of this bug tracker sucks.

Mar 3 2016
This should work due to preemptive auth down lower in the stack, but I'm not sure why this is happening in the XHR case. Also not sure if this is a regression. Confirmed that going back to the URL in a MAIN_FRAME case will apply the preemptive auth tokens.

Mar 3 2016
Moving to P3 unless this was a recent regression.

May 23 2017
This is working as intended. XHR will not send credentials on cross-origin requests unless xhr.withCredentials is set to true. See https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials. jQuery does not set the withCredentials flag, hence the result you are seeing. I have tested Firefox and it gives the same result.
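
The rule cited in the comment above, modelled as an added example that is not part of the original thread and is not Chromium's code: whether stored credentials go out with an XHR, and whether a script may then read the cross-origin response. The function names, origins and header maps are constructed for illustration.

```javascript
// Added example: a model of the browser-side rules, runnable in Node.
// In a page, the opt-in itself is: xhr.withCredentials = true (before send()).

function isSameOrigin(pageOrigin, targetUrl) {
  return new URL(targetUrl).origin === new URL(pageOrigin).origin;
}

// Would stored credentials (HTTP auth, cookies) be attached to this XHR?
function sendsCredentials(pageOrigin, targetUrl, withCredentials) {
  // Same-origin XHR always carries credentials; cross-origin only on opt-in.
  return isSameOrigin(pageOrigin, targetUrl) || withCredentials === true;
}

// May the page script read a cross-origin response?
// headers: response header map with lower-case names.
function corsAllowsRead(pageOrigin, headers, credentialed) {
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) return false;
  if (!credentialed) return allowOrigin === '*' || allowOrigin === pageOrigin;
  // Credentialed responses: the wildcard is rejected, the origin must be
  // named exactly, and the server must opt in with the literal value "true".
  return allowOrigin === pageOrigin &&
         headers['access-control-allow-credentials'] === 'true';
}

function evaluate(pageOrigin, targetUrl, withCredentials, headers) {
  const credentialed = sendsCredentials(pageOrigin, targetUrl, withCredentials);
  const readable = isSameOrigin(pageOrigin, targetUrl) ||
                   corsAllowsRead(pageOrigin, headers, credentialed);
  return { credentialed, readable };
}

// Constructed sample inputs (placeholders, not the hosts from the report).
const PAGE = 'http://page.example';
const API = 'http://api.example/ajaxdata';
const cases = [
  ['default XHR, ACAO *', false, { 'access-control-allow-origin': '*' }],
  ['withCredentials, ACAO *', true, { 'access-control-allow-origin': '*',
    'access-control-allow-credentials': 'true' }],
  ['withCredentials, exact origin', true, { 'access-control-allow-origin': PAGE,
    'access-control-allow-credentials': 'true' }],
];
for (const [name, flag, headers] of cases) {
  console.log(name, evaluate(PAGE, API, flag, headers));
}
```
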

Comment 1 by chrishtr@chromium.org, Mar 1 2016
Status: Untriaged (was: Unconfirmed)