避免 Chrome 扩展中的 HTTP 身份验证弹出窗口(摘要)
我目前正在开发一个 chrome 扩展,我需要访问一些受 http-auth 保护的资源(webdav)。 HTTP 身份验证使用(在最好的情况下)摘要身份验证。
我可以使用 https://login: 直接在 ajax 请求中进行身份验证: [电子邮件受保护]/path/to/ressource 表单。
问题是:如果登录/密码错误,我不能只得到 401 状态(未经授权),Chrome 会弹出常规身份验证对话框。我不希望这样做,因为它会让用户感到困惑,而且我无法从这里保存凭据。
编辑:我面临的另一个用例是:我想检查资源是否受密码保护,而不尝试提供实际访问它的凭据。
关于如何在不弹出 Chrome 身份验证框的情况下捕获 401 的任何想法吗?
I'm currently developing a chrome extension, I need to access some http-auth protected resources (webdav). The HTTP auth is using (in the best case) a digest authentication.
I'm able to do the auth directly in the ajax request using the https://login:[email protected]/path/to/ressource form.
The issue is : if the login/password is wrong, I can't just get a 401 status (unauthorized), Chrome pops up the regular authentication dialog. Which I don't want cause it's confusing for user and I can't save the credentials from here.
EDIT: Another use-case I faced is : I want to check if a resource is password-protected without trying to provide credentials to actualy access it.
Any ideas on how to catch the 401 without poping the Chrome's auth box ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
Google Chrome 团队已在 Google Chrome 22 中实现了 onAuthRequired 事件,因此现在可以检测何时需要 HTTP 基本身份验证。
事实上,我编写了一个扩展,它使用 onAuthRequired 事件自动发送 HTTP 基本身份验证凭据。
它可以在 Google Chrome 官方网络商店免费获得:
https://chrome.google.com/webstore/detail/basic-authentication -auto/dgpgkkfheijbcgjklcbnokoleebmeokn
onAuthRequired 事件的使用示例:
您需要向清单文件添加正确的权限才能使用 onAuthRequired。
下载扩展并检查源代码以获得更好的方法。
即使请求是从另一个分机发起的,它也应该起作用。
Google Chrome teams has implented the onAuthRequired event in Google Chrome 22, so now is possible detect when the HTTP Basic Authentication is required.
In fact I wrote a extension that automatically sends the HTTP Basic Authentication credentials using the onAuthRequired event.
It is available for free in the official Google Chrome web store:
https://chrome.google.com/webstore/detail/basic-authentication-auto/dgpgkkfheijbcgjklcbnokoleebmeokn
Usage example of onAuthRequired event:
You need to add the right permissions to the manifest file in order to use the onAuthRequired.
Download the extensions and check the source code for a better approach.
It should work even if the request was initiated from another extension.
这似乎确实是 Chrome 行为的缺失,其他人希望看到 Chris 强调的 mozBakgroundRequest 的内容,已经有 相关错误报告。
bugtracker 中的一些开发人员建议了一些(hackish)解决方法:
在这两种情况下,好处是它不会弹出身份验证框...但你永远不会知道这是真正的服务器超时还是 401。(我没有测试这些解决方法)。
It's really seems to be a lack in chrome behavior, other people are wishing to see something as the mozBakgroundRequest Chris highlighted, there already a a bug report for that.
There are (hackish) workarounds suggested by some developers in the bugtracker :
In both case, the benefit is that it won't pop an authentication box... But you will never know if it's a real server timeout or a 401. (I didn't tested those workarounds).
我认为这是不可能的。如果您使用浏览器的 http 客户端,那么它将提示用户输入 401 凭据。
编辑:在 mozilla land https://developer.mozilla.org/en/XMLHttpRequest 查看“mozBackgroundRequest”。
I think this is impossible. If you are using the browser's http client then it will prompt the user for credentials on a 401.
EDIT : Over in mozilla land https://developer.mozilla.org/en/XMLHttpRequest check out "mozBackgroundRequest".