Closed maciex closed 8 years ago
maciex
commented
8 years ago This stackoverflow topic seems to provide a solution
In Mozilla land, setting the mozBackgroundRequest parameter of XMLHttpRequest (docs) to true suppresses those dialogs and causes the requests to simply fail. However, I don't know how good cross-browser support is (including whether the the quality of the error info on those failed requests is very good across browsers.)
maciex
commented
8 years ago XMLHttpRequest Level 1 documentation clears some unknown areas.
According to the doc sending "Authorization: Basic" header should fix the problem:
If the user agent supports HTTP Authentication and Authorization is not in the list of author request headers, it should consider requests originating from the XMLHttpRequest object to be part of the protection space that includes the accessed URIs and send Authorization headers and handle 401 Unauthorized requests appropriately.
If authentication fails, source origin and the request URL are same origin, Authorization is not in the list of author request headers, request URL's username is the empty string and request URL's password is null, user agents should prompt the end user for their username and password.
Otherwise, if authentication fails, user agents must not prompt the end user for their username and password. [HTTPAUTH]
Unfortunately end users are prompted because of legacy content constraints. However, when possible this behavior is prohibited, as it is bad UI. E.g. that is why the same origin restriction is made above.
maciex
commented
8 years ago Looks like the fix broke the proper login.... reopening
maciex
commented
8 years ago Sending "anonymous" username even when user did not supply credentials fixes the problem.
When user does not supply credentials in addon settings, but kodi requires password to connect, credentials are requested every time user opens addon window.