Skip to main content

Bug Tracker

Side navigation

#7095 closed bug (invalid)

Opened September 29, 2010 09:05AM UTC

Closed September 29, 2010 10:05PM UTC

.ajax request to another domain does not allow username/password

Reported by: tajur Owned by:
Priority: undecided Milestone: 1.4.3
Component: ajax Version: 1.4.2
Keywords: http auth, cross-domain Cc:
Blocked by: Blocking:
Description

It appears (tried with Firefox 3.6 on Mac, and with the latest Google Chrome on Mac) jQuery $.ajax() function does not supply HTTP authentification username/password in the ajax request correctly when the request URL is provided as a full URL (e.g. http://www.something.com/something...)

It seems HTTP authentification username and password are *only* taken into consideration when the request URL is given in a relative forrm (e.g. /something/something)

Here's a code that fails:

$(function() {

$.ajax({

url: 'http://api.something.com/1.0/items',

type: 'POST',

dataType: 'json',

data: {

something: 'something'

},

username: 'someone',

password: 'secret',

success: function(response)

{

alert('done!');

},

error: function()

{

alert('failed!');

}

});

});

Assume that the URL provided in the 'url' parameter (http://api.something.com/1.0/items) asks for HTTP authentification (someone:secret).

In all cases, jQuery made the request to that URL, but did not supply username and password with the request, although they were clearly set. However, when I changed the "url" parameter to something like "/1.0/items" (e.g. accessed stuff from the same domain and with a relative URL), everything worked. And oddly enough, even though when I executed this piece of JavaScript on the same domain I provided in the "url" parameter, it still did not supply the username/password in the request.

Attachments (0)
Change History (3)

Changed September 29, 2010 09:07AM UTC by tajur comment:1

Sorry about the loss of code formatting in the bug description. When copy-pasting it properly, it should still work, tho.

Changed September 29, 2010 09:09AM UTC by tajur comment:2

Argh, "should still work" is a wrong term :) What I really mean is that when the example code is copied from here, the bug should be *reproducible*. Thanks, and let me know if any help or more information is needed.

Changed September 29, 2010 10:05PM UTC by snover comment:3

resolution: → invalid
status: newclosed

Thanks for your report, but this is not a jQuery bug.

jQuery does not care whether a request is relative or absolute as long as it adheres to the same-origin policy. If you violate the same-origin policy, as you are doing here, your AJAX requests will fail. jQuery does not support features that cannot be made to work across all current A-grade browsers.