Uploaded image for project: 'PicketLink'
  1. PicketLink
  2. PLINK-495

Authentication Schemes should avoid dialog box when performing Ajax Requests

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Done
    • Icon: Major Major
    • PLINK_2.6.0.CR5
    • PLINK_2.6.0.CR4
    • BASE
    • None

      The authc dialog box is displayed every time the authentication fails when using AJAX + BASIC or DIGEST.

      This happens due to the 401 http status code which forces the browser to show the authc dialog box. This is more like a Google Chrome behavior. In Firefox the dialog is never show.

      Given that, the idea is check the presence of the X-Requested-With header to decide whether the requests cames from XHR or not. If so, respond with a 403 instead of 401.

      In this case, 403 means that the client was forbidden by the server due to invalid credentials. As suggested by the WWW-Authenticate header.

            psilva@redhat.com Pedro Igor Craveiro
            psilva@redhat.com Pedro Igor Craveiro
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: