23.06.2010, в 7:57, Stuart Chi Chuen Ng написал(а):
Xhr.open(‘GET’, ‘’, false, ‘user’, ‘password’);
Synchronous XMLHttpRequest is slightly less tested than asynchronous,
but it should work, and we have test coverage for it.
For security reasons, programmatically provided credentials are
ignored for cross-origin requests.
Questions:
By calling this and then send, should I see the ‘Authorization’
HTTP Header being sent with username/password Base 64 encoded? I use
Packet sniffer and can not see this header being sent at all.
You describe Basic authorization scheme here. The server tells us what
scheme to use.
Does this only work after a HTTP 401 was received?
Yes, it should be received at least once. After that, we may cache the
protection space information, and send credentials preemptively.
- WBR, Alexey Proskuryakov
_______________________________________________
webkit-help mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-help
