问题
I'm building a Chrome packaged app called Git Crx and as the name suggests it needs to go network requests to and from remote git repos using HTTPS (smart protocol) BUT if you attempt to do an XHR request to a url that returns 401, the XHR will fail without using the normal browser credentials machinery whereas previously packaged apps would show the browsers normal credentials request UI.
Now I think that does makes sense to me now, as Chrome Apps are supposed to be stand alone apps and not just webpages, they just happen to use the Chrome as a runtime.
But then the question is how do Chrome Apps now deal with authentication for sites that use normal http authentication (return 401 status code) instead of using OAuth which is supported by the authentication APIs available to Chrome apps?
回答1:
So in researching to write this question well, I found my answer myself...
First based on getting back a 401 as the status from the XHR response, I can set the Authorization header to do authentication, heres code in the form of a QUnit test case:
asyncTest("check can do Basic Auth XHR", function() {
expect(1);
var authCreds = "maks:s3cret";
var oReq = new XMLHttpRequest();
function reqListener () {
if (this.status == 200) {
equal(this.responseText.trim(), "the secret", "expect correct res text from server");
start();
} else if (this.status == 401) {
oReq = new XMLHttpRequest();
oReq.onload = reqListener;
oReq.open("get", "http://acme.test.com/auth-test", true);
oReq.setRequestHeader("Authorization", "Basic "+btoa(authCreds));
oReq.send();
}
}
oReq.onload = reqListener;
oReq.open("get", "http://acme.test.com/auth-test", true);
oReq.send();
});
But that is making an assumption that the scheme is Basic but it could be Digest or NTLM, so you also need to parse the response header as well...
var authType = oReq.getResponseHeader('WWW-Authenticate');
// do auth based on type...
Hope this helps others in the same boat in the future...
来源:https://stackoverflow.com/questions/23798304/is-there-a-way-for-chrome-packaged-apps-to-handle-http-basicauthentication