Ticket #7095 (closed bug: invalid)
.ajax request to another domain does not allow username/password
| Reported by: | tajur | Owned by: | |
|---|---|---|---|
| Priority: | undecided | Milestone: | 1.4.3 |
| Component: | ajax | Version: | 1.4.2 |
| Keywords: | http auth, cross-domain | Cc: | |
| Blocking: | Blocked by: |
Description
It appears (tried with Firefox 3.6 on Mac, and with the latest Google Chrome on Mac) jQuery $.ajax() function does not supply HTTP authentification username/password in the ajax request correctly when the request URL is provided as a full URL (e.g. http://www.something.com/something...)
It seems HTTP authentification username and password are *only* taken into consideration when the request URL is given in a relative forrm (e.g. /something/something)
Here's a code that fails:
$(function() {
$.ajax({
url: ' http://api.something.com/1.0/items',
type: 'POST',
dataType: 'json', data: {
something: 'something'
}, username: 'someone', password: 'secret', success: function(response) {
alert('done!');
}, error: function() {
alert('failed!');
}
});
});
Assume that the URL provided in the 'url' parameter ( http://api.something.com/1.0/items) asks for HTTP authentification (someone:secret).
In all cases, jQuery made the request to that URL, but did not supply username and password with the request, although they were clearly set. However, when I changed the "url" parameter to something like "/1.0/items" (e.g. accessed stuff from the same domain and with a relative URL), everything worked. And oddly enough, even though when I executed this piece of JavaScript on the same domain I provided in the "url" parameter, it still did not supply the username/password in the request.
Change History
comment:2 Changed 3 years ago by tajur
Argh, "should still work" is a wrong term :) What I really mean is that when the example code is copied from here, the bug should be *reproducible*. Thanks, and let me know if any help or more information is needed.
comment:3 Changed 3 years ago by snover
- Status changed from new to closed
- Resolution set to invalid
Thanks for your report, but this is not a jQuery bug.
jQuery does not care whether a request is relative or absolute as long as it adheres to the same-origin policy. If you violate the same-origin policy, as you are doing here, your AJAX requests will fail. jQuery does not support features that cannot be made to work across all current A-grade browsers.
Please follow the bug reporting guidlines and use jsFiddle when providing test cases and demonstrations instead of pasting the code in the ticket.
Sorry about the loss of code formatting in the bug description. When copy-pasting it properly, it should still work, tho.