Petes techie blog

A blog written for two people. Me and You.

Chrome 19: XMLHttpRequest open() With Authentication Is Broken


Good old Chrome autoupdated itself last week. All was fine except now I can’t seamlessly log into my web applications.

Turns out it has stopped supporting embedded identities, e.g. http://username:password@google.com

(note: that is not my real username and password!) That is fine but it looks like when you use the following code:

```javascript
// Synchronous GET (async = false) with the username and password passed to open()
var xhr = new XMLHttpRequest();
xhr.open("GET", "/data", false, "pete", "test1");
```

It doesn’t use the username and password anymore and instead the user gets the authentication dialog box.

Surely this is a bug?!

I thought I had got a workaround by adding the following code:

```javascript
// Send the Basic credentials explicitly instead of relying on open()
xhr.setRequestHeader("Authorization","Basic cGV0ZTp0ZXN0Mg==");
```

This does work but the browser doesn’t save the credentials, so if the browser gets sent to a secure page, you still get the popup authorisation dialog.
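The workaround above sets the Basic header by hand. As an added example (not code from the original post), this helper derives that header from a username and password, or from a URL carrying an embedded identity, and returns the URL with the credentials stripped. The function names and the example.test host are assumptions made for illustration.

```javascript
// Base64-encode a string as UTF-8 bytes; works in Node (Buffer) and browsers (btoa).
function base64Utf8(text) {
  if (typeof Buffer !== "undefined") {
    return Buffer.from(text, "utf8").toString("base64");
  }
  const bytes = new TextEncoder().encode(text);
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary);
}

// Build the value for an "Authorization" header using the Basic scheme (RFC 7617).
function basicAuthHeader(username, password) {
  if (username.includes(":")) {
    // The first ":" separates user-id from password, so a user-id cannot contain one.
    throw new Error("username must not contain ':'");
  }
  return "Basic " + base64Utf8(username + ":" + password);
}

// Split "http://user:pass@host/path" into a credential-free URL and a header value.
function splitEmbeddedCredentials(rawUrl) {
  const url = new URL(rawUrl);
  if (url.username === "" && url.password === "") {
    return { url: url.href, authorization: null };
  }
  // The URL object keeps userinfo percent-encoded; decode before building the header.
  const user = decodeURIComponent(url.username);
  const pass = decodeURIComponent(url.password);
  url.username = "";
  url.password = "";
  return { url: url.href, authorization: basicAuthHeader(user, pass) };
}

// Browser usage (constructed host, asynchronous request):
//   const r = splitEmbeddedCredentials("http://pete:test2@example.test/data");
//   const xhr = new XMLHttpRequest();
//   xhr.open("GET", r.url, true);
//   if (r.authorization) xhr.setRequestHeader("Authorization", r.authorization);
//   xhr.send();
```

The header has to be set on every request made this way, which matches the behaviour described above: the browser does not cache credentials supplied through `setRequestHeader`.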

My choices are:

  1. Wait to see if they fix this problem

  2. Don’t support Chrome anymore

  3. Rewrite the authentication system

It looks like point 3 is the way to go. I might have to start using cookies within the authentication process. I really liked using the Basic HTTP authentication because it can be used by the browser and programmatically very easily. If I introduce cookies, then programmatically retrieving data gets harder and a lot messier.