Comments on: Handling Permissions for AJAX Requests http://blog.thefrontiergroup.com.au/2008/12/handling-permissions-for-ajax-requests/ Your peek inside the collective mind of The Frontier Group Tue, 08 May 2012 03:28:54 +0000 hourly 1 http://wordpress.org/?v=3.1.2 By: Matze http://blog.thefrontiergroup.com.au/2008/12/handling-permissions-for-ajax-requests/comment-page-1/#comment-2844 Matze Thu, 19 May 2011 15:57:36 +0000 http://thefrontiergroup.com.au/blog/?p=248#comment-2844 Thanks a lot, exactly what I need Thanks a lot, exactly what I need

]]> By: Ted McFadden http://blog.thefrontiergroup.com.au/2008/12/handling-permissions-for-ajax-requests/comment-page-1/#comment-149 Ted McFadden Tue, 03 Feb 2009 01:01:43 +0000 http://thefrontiergroup.com.au/blog/?p=248#comment-149 Follow up on the browser popping up the authentication dialog: The browser will only pop up the dialog if it understands the <b>WWW-authenticate</b> header that is returned from the server (usually BASIC or DIGEST). If this is the case, the javascript never sees the 401 from an ajax call. If WWW-Authenticate defines another scheme, (or is missing?) the 401 will be passed back up to the javascript and you can handle it in code yourself. Follow up on the browser popping up the authentication dialog:

The browser will only pop up the dialog if it understands the
WWW-authenticate header that is returned from the server (usually BASIC or DIGEST). If this is the case, the javascript never sees the 401 from an ajax call.

If WWW-Authenticate defines another scheme, (or is missing?) the 401 will be passed back up to the javascript and you can handle it in code yourself.

]]> By: aaron http://blog.thefrontiergroup.com.au/2008/12/handling-permissions-for-ajax-requests/comment-page-1/#comment-122 aaron Mon, 05 Jan 2009 15:39:54 +0000 http://thefrontiergroup.com.au/blog/?p=248#comment-122 That's how a browser handles a 401 response for the user. In this case I am handling a 401 for an asynchronous call made by the script itself. I guess the way I would think about it is that if I request a page that I am not authorised for the http response status code is 401. Upon receiving this the browser prompts <em>me</em> for a username and password. However if the script requests a page that the user isn't authorised to access then the response code is 401 and it's up to the <em>script</em> to handle it. Providing a username and password dialog box to a script isn't too useful :) I hope this helps. That’s how a browser handles a 401 response for the user. In this case I am handling a 401 for an asynchronous call made by the script itself.

I guess the way I would think about it is that if I request a page that I am not authorised for the http response status code is 401. Upon receiving this the browser prompts me for a username and password. However if the script requests a page that the user isn’t authorised to access then the response code is 401 and it’s up to the script to handle it. Providing a username and password dialog box to a script isn’t too useful :)

I hope this helps.

]]> By: blinds http://blog.thefrontiergroup.com.au/2008/12/handling-permissions-for-ajax-requests/comment-page-1/#comment-121 blinds Mon, 05 Jan 2009 11:29:39 +0000 http://thefrontiergroup.com.au/blog/?p=248#comment-121 How do you manage not to get the "enter your password"-dialog every browser shows on a 401 error? How do you manage not to get the “enter your password”-dialog every browser shows on a 401 error?

]]>