I have a JavaScript snippet that looks approximately like this
(obviously, the url, name and password are different):
$.ajax({
type: "GET",
url: "http://example.com/ws/";,
dataType: "json",
username: "user",
password: "pass",
success: function(msg){
alert( "Result: " + msg.text );
},
error: function (XMLHttpRequest, textStatus, errorThrown) {
alert("Error " + textStatus + " -- " + errorThrown);
}
});
which I'm trying to use to access a URL protected by basic HTTP
authentication. The script snippet above appears on a web page which
is located on the same domain (and in the same authentication realm)
as the URL I am trying to access.
With Firefox 3.0 (Mac), this works as expected. With Safari 3.0 (Mac),
however, it fails, and the console shows "Permission denied" at line
2666 in jQuery (jQuery-1.2.3), which is:
xml.open(s.type, s.url, s.async, s.username, s.password);
Hacking an 'alert' into jQuery at this point confirms that all the
variables referenced are present and correct.
Using equivalent code to get a publicly-accessible resource (i.e. one
not protected by authentication) works without problems, so it would
seem to be an authentication issue. Including 'user' and 'password'
arguments in the options passed (even though they're not required)
doesn't have any effect; the request succeeds.
Finally, it looks as if the 'Permission denied' message isn't coming
from the webserver; looking at the server logs reveals that the server
didn't actually receive any request from Safari: apparently Safari
decided to reject this request by itself, without even consulting the
server. My impression therefore is that there's something strange with
Safari doing XmlHttpRequests in the context of a protected page.
Has anyone encountered something similar? Is this a general problem
with Safari, or is it something that can be worked around in jQuery?
Thanks in advance for any suggestions,
Angus
