Opened 12 years ago
Closed 12 years ago
#7095 closed bug (invalid)
.ajax request to another domain does not allow username/password
Reported by: | tajur | Owned by: | |
---|---|---|---|
Priority: | undecided | Milestone: | 1.4.3 |
Component: | ajax | Version: | 1.4.2 |
Keywords: | http auth, cross-domain | Cc: | |
Blocked by: | Blocking: |
Description
It appears (tried with Firefox 3.6 on Mac, and with the latest Google Chrome on Mac) jQuery $.ajax() function does not supply HTTP authentification username/password in the ajax request correctly when the request URL is provided as a full URL (e.g. http://www.something.com/something...)
It seems HTTP authentification username and password are *only* taken into consideration when the request URL is given in a relative forrm (e.g. /something/something)
Here's a code that fails:
$(function() {
$.ajax({
type: 'POST',
dataType: 'json', data: {
something: 'something'
}, username: 'someone', password: 'secret', success: function(response) {
alert('done!');
}, error: function() {
alert('failed!');
}
});
});
Assume that the URL provided in the 'url' parameter (http://api.something.com/1.0/items) asks for HTTP authentification (someone:secret).
In all cases, jQuery made the request to that URL, but did not supply username and password with the request, although they were clearly set. However, when I changed the "url" parameter to something like "/1.0/items" (e.g. accessed stuff from the same domain and with a relative URL), everything worked. And oddly enough, even though when I executed this piece of JavaScript on the same domain I provided in the "url" parameter, it still did not supply the username/password in the request.
Change History (3)
comment:1 Changed 12 years ago by
comment:2 Changed 12 years ago by
Argh, "should still work" is a wrong term :) What I really mean is that when the example code is copied from here, the bug should be *reproducible*. Thanks, and let me know if any help or more information is needed.
comment:3 Changed 12 years ago by
Resolution: | → invalid |
---|---|
Status: | new → closed |
Thanks for your report, but this is not a jQuery bug.
jQuery does not care whether a request is relative or absolute as long as it adheres to the same-origin policy. If you violate the same-origin policy, as you are doing here, your AJAX requests will fail. jQuery does not support features that cannot be made to work across all current A-grade browsers.
Sorry about the loss of code formatting in the bug description. When copy-pasting it properly, it should still work, tho.