Bug Tracker

Opened 9 years ago

Closed 9 years ago

#7095 closed bug (invalid)

.ajax request to another domain does not allow username/password

Reported by: tajur Owned by:
Priority: undecided Milestone: 1.4.3
Component: ajax Version: 1.4.2
Keywords: http auth, cross-domain Cc:
Blocked by: Blocking:

Description

It appears (tried with Firefox 3.6 on Mac, and with the latest Google Chrome on Mac) jQuery $.ajax() function does not supply HTTP authentification username/password in the ajax request correctly when the request URL is provided as a full URL (e.g. http://www.something.com/something...)

It seems HTTP authentification username and password are *only* taken into consideration when the request URL is given in a relative forrm (e.g. /something/something)

Here's a code that fails:

$(function() {

$.ajax({

url: 'http://api.something.com/1.0/items',

type: 'POST',

dataType: 'json', data: {

something: 'something'

}, username: 'someone', password: 'secret', success: function(response) {

alert('done!');

}, error: function() {

alert('failed!');

}

});

});

Assume that the URL provided in the 'url' parameter (http://api.something.com/1.0/items) asks for HTTP authentification (someone:secret).

In all cases, jQuery made the request to that URL, but did not supply username and password with the request, although they were clearly set. However, when I changed the "url" parameter to something like "/1.0/items" (e.g. accessed stuff from the same domain and with a relative URL), everything worked. And oddly enough, even though when I executed this piece of JavaScript on the same domain I provided in the "url" parameter, it still did not supply the username/password in the request.

Change History (3)

comment:1 Changed 9 years ago by tajur

Sorry about the loss of code formatting in the bug description. When copy-pasting it properly, it should still work, tho.

comment:2 Changed 9 years ago by tajur

Argh, "should still work" is a wrong term :) What I really mean is that when the example code is copied from here, the bug should be *reproducible*. Thanks, and let me know if any help or more information is needed.

comment:3 Changed 9 years ago by snover

Resolution: invalid
Status: newclosed

Thanks for your report, but this is not a jQuery bug.

jQuery does not care whether a request is relative or absolute as long as it adheres to the same-origin policy. If you violate the same-origin policy, as you are doing here, your AJAX requests will fail. jQuery does not support features that cannot be made to work across all current A-grade browsers.

Note: See TracTickets for help on using tickets.