Question

Attempting to keep as pure of a REST approach as possible, I decided that the application would be the API - down to the last bit.

Unfortunately, I have reached one stumbling block. After writing a Digest authentication handler in PHP, I found myself unable to make the experience as friendly for users in web browsers as a form-based authentication method would be.

The reason for this is that even though I can simulate a Digest authentication response through JavaScript, using username and password from an HTML form (I can give the nonce values to the script safely, due to the way they are generated), on failure, the browser still shows the standard, ugly authentication prompt.

Is there any way around this? An earlier question references mozBackgroundRequest, but that seems hardly cross-browser.

Thanks!


Solution

You could make a request with AJAX first, to make sure the authentication details provided work.

If they do, do what you have been doing. If they don't, tell the user about it in your own, nicer way...

EDIT

If you control the auth routine in PHP (and if auth fails, presumably doing header('HTTP/1.1 401 Unauthorized'); etc) you can just... not do it. Instead, respond with a normal 200 OK but put a string in the body that you can look for in ajax.responseText (like 'authFailed' or something).

You can just add a header (or a cookie, or something) to the AJAX requests that is not present in normal browser requests, to allow you to distinguish between the AJAX auth checks and a normal, authenticated session.

The exact mechanics are a little fuzzy in my head at the moment (it's been a long day) but I am sure it could be done using that method.
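
The exchange described in the answer above, as an added example that is not part of the original post. It models the handler's decision and the AJAX callback as plain functions; the header name x-auth-probe, the function names, the 'ok' success body and the Cache-Control header are assumptions made for illustration.

```javascript
// Added example. PROBE_HEADER and the function names are hypothetical;
// 'authFailed' is the marker string suggested in the answer.
const PROBE_HEADER = 'x-auth-probe'; // set only by the login form's AJAX call
const FAIL_MARKER = 'authFailed';

// Server-side decision, mirroring what the PHP handler would emit via header().
// `headers` holds lower-cased request header names; `authOk` is the outcome of
// verifying the Digest response. The probe header only changes how a failure
// is reported. It never influences authOk, so sending it grants nothing.
function buildAuthResponse(headers, authOk, realm, nonce) {
  if (authOk) {
    return { status: 200, headers: {}, body: 'ok' };
  }
  if (headers[PROBE_HEADER] === '1') {
    // Probe from the login form: no 401, so the browser never opens its
    // own dialog. no-store keeps the failure from being cached as a
    // successful 200 response.
    return {
      status: 200,
      headers: { 'Cache-Control': 'no-store' },
      body: FAIL_MARKER,
    };
  }
  // Every other client still receives the standard Digest challenge.
  return {
    status: 401,
    headers: {
      'WWW-Authenticate': `Digest realm="${realm}", qop="auth", nonce="${nonce}"`,
    },
    body: 'Unauthorized',
  };
}

// Client-side check, as the AJAX callback would apply it to
// { status, body } taken from xhr.status and xhr.responseText.
function probeSucceeded(response) {
  return response.status === 200 && response.body.trim() !== FAIL_MARKER;
}
```

Because the probe path answers a failure with 200, any monitoring that counts failed logins by 401 status will miss these attempts; log them in the handler itself.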

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow