Why does a browser dialog come up when an xmlhttprequest sends the wrong / no auth?

Posted by Kyle on Server Fault See other posts from Server Fault or by Kyle
Published on 2009-07-25T01:58:54Z Indexed on 2010/04/10 10:03 UTC
Read the original article Hit count: 371

Filed under:
|
|

How come the major browsers all bring up a login dialog when an xmlhttprequest does auth wrong or doesn't send it? I mean isn't this poor UI? Now a days it seems like a lot of people try http auth in jQuery, because theoretically it is quite easy - until the user fails to enter the correct data and is presented with the browsers dialog, which gets in their way, and they might have no idea what to do with it or why it's there? I don't know too much about these low level browser specifications but can someone bring this up with the RFC or webkit/gecko developers? jQuery digest auth could be powerful and user friendly if this was fixed.

** It seems like apache could also fix the problem on their side by not sending the header, but whichever one is the most secure way of doing this would be nice.

© Server Fault or respective owner

Related posts about apache

Related posts about browsers