Geek Answers Handbook

JQuery HTTP Authentication

Using jQuery, I call the Version One Rest API and must authenticate the user in the HTTP header.

I tried

$.ajax({ dataType: "jsonp", beforeSend: function(xhr){ xhr.setRequestHeader("Authorization", "Basic xyz"); // xyz usr:pwd Base64 encoded }, url: "https://www10.v1host.com/.../VersionOne/rest-1.v1/...", success: function(data, status, xhr) { alert("Load was performed."); } });

and

 $.ajax({ dataType: "jsonp", username:"usr", password:"pwd", url: "https://www10.v1host.com/.../VersionOne/rest-1.v1/...", success: function(data, status, xhr) { alert("Load was performed."); } });

But I always pop up asking for my credentials (I use Chrome). Even when I enter the credentials in a popup, I am not authenticated and the window continues to show.

  • How to authenticate a user using jQuery in HTTP headers?
  • Is there a way to make the encrypted password invisible? Or Base64 is the only way. I want to access the server through only one account, but I do not want users on the client side to see the password (or find it in javascripts).
+7
source share
1 answer

This is not entirely impossible, just a little inconvenient. You can proxy all AJAX through your own server as follows:

  • Your JavaScript communicates with your server through AJAX.
  • The server sets up the https://www10.v1host.com/.../VersionOne/rest-1.v1/... with the corresponding base auth headers (or any other authentication you should use).
  • Your server sends a response to your script in the same way that www10.v1host.com sent it to your server.

Thus, the password remains invisible under your control on the server, and the client code receives the same API as from www10.v1host.com . There may be a little lag in this approach, but it should be manageable.

Of course, you still need to consider the authorization process between the browser and your server, but you should be able to use everything that you already have (possibly cookies and old old accounts).

You will also want to test this technique on an API to make sure you play well.

+4
source

More articles:


All Articles