On Tue, 17 Apr 2012 14:40:33 +0200, Hobbs, Timothy <[email protected]>
wrote:
Is my interpretation of the XMLHttpRequest specification flawed, is
there a need for the browser behavior to change, or is my requirement
just not serious enough?
The idea is that if you provide user/password, the browser does not
transmit them to the server but first waits to get challenged. If
challenged another request is made with the appropriate user/password. If
that fails the user should not be prompted. However, I believe this
behavior has not been universally implemented thus far and the way HTTP
authentication works does not make it easy to write tests for. (At least
I've had trouble creating exhaustive tests and reverse engineering the
appropriate behavior so I mostly gave up and have been hoping for someone
to fill me in on the details.)
--
Anne van Kesteren
http://annevankesteren.nl/
