Same origin and CORS with WWW-Authenticate header
Question
I have a digest authenticate implemented on my application server, in my client, i make a get http request and my server returns the WWW-Authenticate header, with this header in my javascript i do the digest challenge and send it to the server. Everything is ok because i'm testing with CORS, the server and the client aren't in the same origin (all the policies with the Allow headers is running ok). But my problem is when i test it in a same origin context. The browser catch the response of the server and put the typical login window, but i don't want the browser do it.
Anyone know why in the same origin the Browser catch it and paint the window? It'll be avoid somehow?
1 answers
solution1
0 ACCPTED 2012-07-26 09:44:42
Like in this link , the problem haven't a good solution. Maybe changing the 401 unauthorized code the browser don't catch and pop up the window.
There is a discussion on code.google in this link , talking about the solution of firefox with the xhr.mozBackgroundRequest = true, but without a solution in Chrome.
I'll change the 401 for another code or i'll change the WWW-Authenticate header for another custom header.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.