Good old Chrome autoupdated itself last week. All was fine except now I can’t seemlessly log into my web applications.

Turns out it has stopped supporting embedded identities eg: http://username:password@google.com

(note: that is not my real username and password!) That is fine but it looks like when you use the following code:

1
2

var xhr = new XMLHttpRequest();
xhr.open("GET", "/data", false, "pete", "test1");

It doesn’t use the username and password anymore and instead the user gets the authentication dialog box.

Surely this is a bug?!

I thought I had got a workaround by adding the following code:

1

xhr.setRequestHeader("Authorization","Basic cGV0ZTp0ZXN0Mg==");

This does work but the browser doesn’t save the credentials, so if the browser gets sent to a secure page, you still get the popup authorisation dialog.

My choices are:

1. Wait to see if they fix this problem

2. Don’t support Chrome anymore

3. Rewrite the authentication system

It looks like point 3 is the way to go. I might have to start using cookies within the authentication process, I really liked using the Basic HTTP authentication because it can be used by the browser and programmatically very easily. If I introduce cookies, then programmatically retrieving data gets harder and a lot messier.