Re: [Xsltforms-support] Basic authentication strategies

[Javier Diaz Estebaranz(UST, ES) via Xsltforms-support]

Hello,

you can set headers in a submission with xsltforms, with something similar to:

                <xf:submission id="send_authorized_req" method="get" 
replace="instance" instance="---instance name ---" resource="---url---" 
mode="synchronous">
                    <xf:header>
                        <xf:name>Authorization</xf:name>
                        <xf:value>Basic: ----credential---</xf:value>
                    </xf:header>
                </xf:submission>

where ----credential--- is the user+password in base64 encoding 
(https://en.wikipedia.org/wiki/Basic_access_authentication).

I don't know if you can set headers in <xf:instance src="---url---"/> request 
(I haven't seen anything about it), but you can force a submission when page is 
finishing to load, so I think it could work for you something like this:

                    <xf:action ev:event="xforms-ready">
                        <xf:send submission="send_authorized_req"/>
                    </xf:action>

Best Regards,
Javier

El 4/10/23 a las 15:11, Richard Light escribió:

EXTERNAL EMAIL - Do not click any links or open any attachments unless you 
trust the sender and know the content is safe.

Our XForms application is pulling in various resources which are protected by 
Basic authentication. Given that XForms simply offers the src="XXX" syntax for 
accessing these external resources, what do people do/advise?

I can make it work by using the syntax:

http(s)://[username]:[password]@[requested URL]

(although my colleague gets a "401 (Unauthorised)" error for exactly the same 
URL), but this is surely a massive security hole, since the username and 
password are sitting there in full view in the XForms document.

Any thoughts or advice welcome!

Richard

--
________________________________
Richard Light
richardlight...@gmail.com<mailto:richardlight...@gmail.com>
@richardofsussex




_______________________________________________
Xsltforms-support mailing list
Xsltforms-support@lists.sourceforge.net<mailto:Xsltforms-support@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/xsltforms-support



BEGIN:VCARD
VERSION:4.0
EMAIL;PREF=1:javier.diazestebar...@ust.com
FN:Javier Díaz Estebaranz
ORG:UST;T&T
TITLE:Jefe de Proyecto
N:Díaz Estebaranz;Javier;;;
ADR:;;Calle Santa Leonor\, 65. Edificio G;Madrid;Madrid;28037;España
TEL;TYPE=work;VALUE=TEXT:618 065 652
URL;TYPE=work;VALUE=URL:https://ust.com
UID:765589ef-954b-4307-8359-015b2e94b263
TEL;TYPE=work;VALUE=TEXT:914 06 27 00
END:VCARD


_______________________________________________
Xsltforms-support mailing list
Xsltforms-support@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xsltforms-support