Side navigation
#7095 closed bug (invalid)
Opened September 29, 2010 09:05AM UTC
Closed September 29, 2010 10:05PM UTC
.ajax request to another domain does not allow username/password
| Reported by: | tajur | Owned by: | |
|---|---|---|---|
| Priority: | undecided | Milestone: | 1.4.3 |
| Component: | ajax | Version: | 1.4.2 |
| Keywords: | http auth, cross-domain | Cc: | |
| Blocked by: | Blocking: |
Description
It appears (tried with Firefox 3.6 on Mac, and with the latest Google Chrome on Mac) jQuery $.ajax() function does not supply HTTP authentification username/password in the ajax request correctly when the request URL is provided as a full URL (e.g. http://www.something.com/something...)
It seems HTTP authentification username and password are *only* taken into consideration when the request URL is given in a relative forrm (e.g. /something/something)
Here's a code that fails:
$(function() {
$.ajax({
url: 'http://api.something.com/1.0/items',
type: 'POST',
dataType: 'json',
data: {
something: 'something'
},
username: 'someone',
password: 'secret',
success: function(response)
{
alert('done!');
},
error: function()
{
alert('failed!');
}
});
});
Assume that the URL provided in the 'url' parameter (http://api.something.com/1.0/items) asks for HTTP authentification (someone:secret).
In all cases, jQuery made the request to that URL, but did not supply username and password with the request, although they were clearly set. However, when I changed the "url" parameter to something like "/1.0/items" (e.g. accessed stuff from the same domain and with a relative URL), everything worked. And oddly enough, even though when I executed this piece of JavaScript on the same domain I provided in the "url" parameter, it still did not supply the username/password in the request.
Attachments (0)
Change History (3)
Changed September 29, 2010 09:07AM UTC by comment:1
Changed September 29, 2010 09:09AM UTC by comment:2
Argh, "should still work" is a wrong term :) What I really mean is that when the example code is copied from here, the bug should be *reproducible*. Thanks, and let me know if any help or more information is needed.
Changed September 29, 2010 10:05PM UTC by comment:3
| resolution: | → invalid |
|---|---|
| status: | new → closed |
Thanks for your report, but this is not a jQuery bug.
jQuery does not care whether a request is relative or absolute as long as it adheres to the same-origin policy. If you violate the same-origin policy, as you are doing here, your AJAX requests will fail. jQuery does not support features that cannot be made to work across all current A-grade browsers.
Sorry about the loss of code formatting in the bug description. When copy-pasting it properly, it should still work, tho.