When the server responds with 401, onerror and onreadystatechange
returns r.status as 0. It works fine when the server responds with
200. How can i detect 401?
var r = new XMLHttpRequest();
r.open("POST", "http://api.del.icio.us/v1/posts/update", true); //
expects HTTP-Auth which is not provided.
//r.open("POST", "http://google.com", true); //This works fine.
r.onreadystatechange = function() {
console.log("hello inside onreadystatechange");
if (r.readyState == 4) {
console.log("hello onreadystatechange:" + r.status);
}
I investigated it and I think I see a problem, but it isn't what you describe.
When I try this script from an extension page running in a tab, I get
an auth dialog. If I cancel the dialog, the script does indeed see
that the response status is 401.
If I run the script in a background page, the request just times out.
No response ever comes back.
I can see why this is happening in Chromium. Can you confirm this is
what you're seeing, though?
On Thu, Nov 5, 2009 at 3:04 AM, Sibil <sibilsa...@gmail.com> wrote:
> When the server responds with 401, onerror and onreadystatechange
> returns r.status as 0. It works fine when the server responds with
> 200. How can i detect 401?
> var r = new XMLHttpRequest();
> r.open("POST", "http://api.del.icio.us/v1/posts/update", true); //
> expects HTTP-Auth which is not provided.
> //r.open("POST", "http://google.com", true); //This works fine.
> r.onreadystatechange = function() {
> console.log("hello inside onreadystatechange");
> if (r.readyState == 4) {
> console.log("hello onreadystatechange:" + r.status);
> }
> };
> r.onload = function(e) {
> console.log("hello onload");
> };
> r.onerror = function(e) {
> console.log("hello onerror:" + r.status);
> };
> console.log("sending test request");
> r.send("");
Thanks for the quick response. I used to see the timeout behavior, i
wanted to report that, strangely it was no longer happening, instead i
get the status as 0.
I just ran the above script from a background page in Chrome version
4.0.223.11, Please find the output below:
sending test request
hello inside onreadystatechange
hello onreadystatechange:0
hello onerror:0
Luckily now I am getting the timeout behavior as well with an HTTPS
url from the background page.
r.open("POST", "https://api.del.icio.us/v1/posts/update", true); //
Note that it is HTTPS now
--
Sibil Mohammed
On Nov 6, 7:12 am, Aaron Boodman <a...@chromium.org> wrote:
> I investigated it and I think I see a problem, but it isn't what you describe.
> When I try this script from an extension page running in a tab, I get
> an auth dialog. If I cancel the dialog, the script does indeed see
> that the response status is 401.
> If I run the script in a background page, the request just times out.
> No response ever comes back.
> I can see why this is happening in Chromium. Can you confirm this is
> what you're seeing, though?
> - a
> On Thu, Nov 5, 2009 at 3:04 AM, Sibil <sibilsa...@gmail.com> wrote:
> > When the server responds with 401, onerror and onreadystatechange
> > returns r.status as 0. It works fine when the server responds with
> > 200. How can i detect 401?
> Thanks for the quick response. I used to see the timeout behavior, i
> wanted to report that, strangely it was no longer happening, instead i
> get the status as 0.
> I just ran the above script from a background page in Chrome version
> 4.0.223.11, Please find the output below:
> Luckily now I am getting the timeout behavior as well with an HTTPS
> url from the background page.
> r.open("POST", "https://api.del.icio.us/v1/posts/update", true); //
> Note that it is HTTPS now
> --
> Sibil Mohammed
> On Nov 6, 7:12 am, Aaron Boodman <a...@chromium.org> wrote:
> > Hello Sibil, thanks for reporting this.
> > I investigated it and I think I see a problem, but it isn't what you describe.
> > When I try this script from an extension page running in a tab, I get
> > an auth dialog. If I cancel the dialog, the script does indeed see
> > that the response status is401.
> > If I run the script in a background page, the request just times out.
> > No response ever comes back.
> > I can see why this is happening in Chromium. Can you confirm this is
> > what you're seeing, though?
> > - a
> > On Thu, Nov 5, 2009 at 3:04 AM, Sibil <sibilsa...@gmail.com> wrote:
> > > When the server responds with401, onerror and onreadystatechange
> > > returns r.status as 0. It works fine when the server responds with
> > > 200. How can i detect401?
The normal behavior when XHR encounters a site that wants auth is that
it puts up a dialog asking the user for credentials. If we fix this
bug, that is what will happen. Is that what you'd want? Or are you
trying to make it fail?
If you just want it to fail, Could you implement your own timeout
around the call -- say 5 seconds -- as a workaround. If it doesn't
succeed, assume it failed because of auth.
On Thu, Nov 12, 2009 at 1:55 AM, Sibil <sibilsa...@gmail.com> wrote:
> Any updates on this?
> --
> Sibil Mohammed
> On Nov 6, 11:50 am, Sibil <sibilsa...@gmail.com> wrote:
>> Thanks for the quick response. I used to see the timeout behavior, i
>> wanted to report that, strangely it was no longer happening, instead i
>> get the status as 0.
>> I just ran the above script from a background page in Chrome version
>> 4.0.223.11, Please find the output below:
>> Luckily now I am getting the timeout behavior as well with an HTTPS
>> url from the background page.
>> r.open("POST", "https://api.del.icio.us/v1/posts/update", true); //
>> Note that it is HTTPS now
>> --
>> Sibil Mohammed
>> On Nov 6, 7:12 am, Aaron Boodman <a...@chromium.org> wrote:
>> > Hello Sibil, thanks for reporting this.
>> > I investigated it and I think I see a problem, but it isn't what you describe.
>> > When I try this script from an extension page running in a tab, I get
>> > an auth dialog. If I cancel the dialog, the script does indeed see
>> > that the response status is401.
>> > If I run the script in a background page, the request just times out.
>> > No response ever comes back.
>> > I can see why this is happening in Chromium. Can you confirm this is
>> > what you're seeing, though?
>> > - a
>> > On Thu, Nov 5, 2009 at 3:04 AM, Sibil <sibilsa...@gmail.com> wrote:
>> > > When the server responds with401, onerror and onreadystatechange
>> > > returns r.status as 0. It works fine when the server responds with
>> > > 200. How can i detect401?
> You received this message because you are subscribed to the Google Groups "Chromium-extensions" group.
> To post to this group, send email to chromium-extensions@googlegroups.com.
> To unsubscribe from this group, send email to chromium-extensions+unsubscribe@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/chromium-extensions?hl=.
On Fri, Nov 13, 2009 at 1:17 AM, Mark Wubben <m...@novemberborn.net> wrote:
> Wouldn't this depend on whether the response contains HTTP Auth headers?
> It'd be very odd if an OAuth request caused a dialog to appear. In fact,
> especially when handling OAuth requests getting the 401 response is the only
> way of knowing whether the access credentials are invalid.
Hi Mark :)
I was only talking about the case where an auth challenge is served
and the browser would typically present a username/password dialog.
This is the situation I thought TOP was in, because it was all I could
reproduce with the sample code. In this case, when XHR is started from
a Chrome extension view (like a background page or popup), Chrome will
drop the request on the floor and never respond. The bug is that the
extension view doesn't know how to create the auth dialog so it does
nothing there.
Is there also an issue when the auth dialog is *not* expected to occur?
> The normal behavior when XHR encounters a site that wants auth is that
> it puts up a dialog asking the user for credentials. If we fix this
> bug, that is what will happen. Is that what you'd want? Or are you
> trying to make it fail?
Wouldn't this depend on whether the response contains HTTP Auth
headers? It'd be very odd if an OAuth request caused a dialog to
appear. In fact, especially when handling OAuth requests getting the
401 response is the only way of knowing whether the access credentials
are invalid.
> I was only talking about the case where an auth challenge is served
> and the browser would typically present a username/password dialog.
> This is the situation I thought TOP was in, because it was all I could
> reproduce with the sample code. In this case, when XHR is started from
> a Chrome extension view (like a background page or popup), Chrome will
> drop the request on the floor and never respond. The bug is that the
> extension view doesn't know how to create the auth dialog so it does
> nothing there.
Right, makes sense.
> Is there also an issue when the auth dialog is *not* expected to
> occur?
Haven't run into it yet, which probably means my OAuth hasn't yet
broken. Will try it out and see what happens.
In my case I am using AJAXy XHR on a background page to interact with
a data service that requires authentication and uses the challenge
digest auth scheme per the http authentication spec (http://
tools.ietf.org/html/rfc2617).
The first XHR request is just used to send the username to the server
and get a nonce and nextnonce to hash with the user's passkey, then I
slap a "Authorize" header onto the next XHR request with the hashed
passkey and send it off... So, in other words, I don't want that
dialog popping up. Mozilla uses XMLHttpRequest.mozBackgroundRequest =
true to make this happen (https://developer.mozilla.org/En/ XMLHttpRequest).
Is there anything in Chromium to make that happen? Is there a use
defined preference or setting that will do the trick?
On Mon, Nov 16, 2009 at 9:58 AM, Kris Walker <kixxa...@gmail.com> wrote:
> Aaron and Mark,
> In my case I am using AJAXy XHR on a background page to interact with
> a data service that requires authentication and uses the challenge
> digest auth scheme per the http authentication spec (http://
> tools.ietf.org/html/rfc2617).
> The first XHR request is just used to send the username to the server
> and get a nonce and nextnonce to hash with the user's passkey, then I
> slap a "Authorize" header onto the next XHR request with the hashed
> passkey and send it off... So, in other words, I don't want that
> dialog popping up. Mozilla uses XMLHttpRequest.mozBackgroundRequest =
> true to make this happen (https://developer.mozilla.org/En/ > XMLHttpRequest).
> Is there anything in Chromium to make that happen? Is there a use
> defined preference or setting that will do the trick?
Unfortunately, I don't think that there is anything like that in
WebKit. It does sound useful, though.
