Hi Andreas, Andreas Kollegger schrieb: > "Apache Sling HTTP Header Authentication" doesn't seem to work with > Safari (and I presume other WebKit browsers). Could anyone share some > insight into what is wrong, or point me to the relevant JIRA issue? I'm > not familiar with the details of http-authentication, so tracing through > the code only got me far enough to realize something wasn't happening as > expected on the browser side.
The problem with WebKit based browsers (Chrome has the same issue) is that the authentication used for AJAX requests are not kept in the cache for future use. Unlike the Gecko based browsers or even MS IE. In an internal project we worked around this issue by inspecting the client request header and setting a cookie with the credentials instead of using the 401 response together with the AJAX request to update the browser's credentials cache. Now when authenticating the request we not only look for the HTTP authentication header (as expected after a 401 authentication) but also for the cookie. Regards Felix
