I have a JavaScript snippet that looks approximately like this (obviously, the url, name and password are different):
$.ajax({ type: "GET", url: "http://example.com/ws/", dataType: "json", username: "user", password: "pass", success: function(msg){ alert( "Result: " + msg.text ); }, error: function (XMLHttpRequest, textStatus, errorThrown) { alert("Error " + textStatus + " -- " + errorThrown); } }); which I'm trying to use to access a URL protected by basic HTTP authentication. The script snippet above appears on a web page which is located on the same domain (and in the same authentication realm) as the URL I am trying to access. With Firefox 3.0 (Mac), this works as expected. With Safari 3.0 (Mac), however, it fails, and the console shows "Permission denied" at line 2666 in jQuery (jQuery-1.2.3), which is: xml.open(s.type, s.url, s.async, s.username, s.password); Hacking an 'alert' into jQuery at this point confirms that all the variables referenced are present and correct. Using equivalent code to get a publicly-accessible resource (i.e. one not protected by authentication) works without problems, so it would seem to be an authentication issue. Including 'user' and 'password' arguments in the options passed (even though they're not required) doesn't have any effect; the request succeeds. Finally, it looks as if the 'Permission denied' message isn't coming from the webserver; looking at the server logs reveals that the server didn't actually receive any request from Safari: apparently Safari decided to reject this request by itself, without even consulting the server. My impression therefore is that there's something strange with Safari doing XmlHttpRequests in the context of a protected page. Has anyone encountered something similar? Is this a general problem with Safari, or is it something that can be worked around in jQuery? Thanks in advance for any suggestions, Angus