I am attempting to use XMLHTTPRequest to get an update on twitter.
var XMLReq = new XMLHttpRequest();
XMLReq.open("GET", "http://twitter.com/account/verify_credentials.json", false, "TestAct", "password");
XMLReq.send(null);
However, using my sniffer I cannot see any authorization headers being passed through. Hence, I get a 401 error response from Twitter.
The account and password are correctly entered.
Anyone attempt this? Can anyone give me some pointers? Thank you.
You just need to add a Authorization header, an user name and password in a base64 encoded string as follows.
XMLReq.setRequestHeader("Authorization", "Basic " + btoa("username:password"));
In cross-origin requests, you have to explicitly set the withCredentials flag if you want user credentials to be sent.
See http://www.w3.org/TR/XMLHttpRequest/#the-withcredentials-attribute (where user credentials includes HTTP authentication)
Due to the Origin policy, you cannot make a XMLHttpRequest from your domain to another domain. E.g. you cannot use http://twitter.com/... URLs unless your script was loaded from twitter.com. If your script is loaded from http://localhost/, the AJAX request also need to go to localhost.
来源:https://stackoverflow.com/questions/1652178/basic-authentication-with-xmlhttprequest