On Wed, Feb 10, 2016 at 1:44 PM, Jan-Paul Kleijn <[email protected]> wrote:
> Hi,
> Thanks for helping. My precise problem is that it is not possible to load
> the page XWiki.XWikiLogin with the use of XMLHttpRequest in javascript. I
> have tested this when logged in and when not logged in.
>
> This is the example code (from W3Schools.com, a little bit compressed):
>
> {{velocity}}
> {{html}}
>
> <h2>Using the XMLHttpRequest object</h2>
> <button type="button" onclick="loadXMLDoc()">Change Content</button>
> <p id="demo"></p>
>
> <script>
> function loadXMLDoc() {
> var xmlhttp;
> if (window.XMLHttpRequest) xmlhttp = new XMLHttpRequest();
> else xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
> xmlhttp.onreadystatechange = function() {
> if (xmlhttp.readyState == 4 && xmlhttp.status == 200)
> document.getElementById("demo").innerHTML = xmlhttp.responseText;
> };
> xmlhttp.open("GET",
> "$xwiki.getURL('XWiki.XWikiLogin','login')?xpage=plain", true);
> xmlhttp.send();
> }
> </script>
>
> {{/html}}
> {{/velocity}}
>
> This results in a console logged javascript error report stating a "401:
> Unauthorized" error.
>
> I have tried it with another page in the XWiki space and that page /can/
> be requested via GET.
>
> So I suspect it is not the space but the page (XWiki.XWikiLogin) that
> cannot be fetched via a GET request in javascript.
>
Have you tried accessing the XWiki.XWikiLogin page in view mode? i.e.
/xwiki/bin/view/XWiki/XWikiLogin . If you do you'll see that it doesn't
event exist. The login UI is defined in a Velocity template, login.vm,
which is associated with the 'login' action (that you specify in the URL).
>
> Regards,
> Jan-Paul
>
>
> Op 10-2-2016 om 10:31 schreef Eduard Moraru:
>
> Hi,
>>
>> On Mon, Feb 1, 2016 at 12:36 PM, Jan-Paul Kleijn <[email protected]> wrote:
>>
>> Hi there,
>>> The login page of XWiki is situated in the XWiki space. From this space
>>> it
>>> is not possible to load pages with a XMLHttpRequest in javascript.
>>>
>>
>> Please be more precise on your original problem. What have you tried and
>> what has failed?
>>
>> The only particularity about the XWiki space is that it has a space-level
>> edit right restriction, allowing only XWikiAdminGroup to edit, but that`s
>> about it so I`m not sure you need to go through the trouble of creating a
>> new login page.
>>
>> Thanks,
>> Eduard
>>
>>
>> I want to work around this by creating a seperate login page with exactly
>>> the same content as the current XWiki login page.
>>> I would like to know if this will pose a security risk or not. I do not
>>> understand why it should but I am asking you to make sure I am not
>>> forgetting anything.
>>>
>>> If you like I can share the procedure with you because I think it can be
>>> an improvement over the current situation.
>>>
>>> Kind regards,
>>> Jan-Paul Kleijn
>>> _______________________________________________
>>> users mailing list
>>> [email protected]
>>> http://lists.xwiki.org/mailman/listinfo/users
>>>
>>> _______________________________________________
>> users mailing list
>> [email protected]
>> http://lists.xwiki.org/mailman/listinfo/users
>>
>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/users
>
_______________________________________________
users mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/users
