How can I http-authentication login with javascript for an iframe?

Question

I need to make a page that will

1. Login to a site automatically via http-authentication
2. Show said site with an iframe

I was thinking I could use XHR and specify the login headers directly, and then use javascript to create the iframe. Does this make sense? Will it work?

Answer 1

Due to the same-origin-policy your XHR approach won't work.

However, for HTTP authentication you can simply include the data in the url, i.e. the src of the <iframe>:

<iframe src="http://username:password@domain.tld/..."></iframe>

I think I don't have to mention that this should not be done if the login credentials are sensitive - they are likely to show up in the browser history.