0

I have a digest authenticate implemented on my application server, in my client, i make a get http request and my server returns the WWW-Authenticate header, with this header in my javascript i do the digest challenge and send it to the server. Everything is ok because i'm testing with CORS, the server and the client aren't in the same origin (all the policies with the Allow headers is running ok). But my problem is when i test it in a same origin context. The browser catch the response of the server and put the typical login window, but i don't want the browser do it.

Anyone know why in the same origin the Browser catch it and paint the window? It'll be avoid somehow?

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
Kalamarico
  • 5,466
  • 22
  • 53
  • 70

1 Answers1

0

Like in this link, the problem haven't a good solution. Maybe changing the 401 unauthorized code the browser don't catch and pop up the window.

There is a discussion on code.google in this link, talking about the solution of firefox with the xhr.mozBackgroundRequest = true, but without a solution in Chrome.

I'll change the 401 for another code or i'll change the WWW-Authenticate header for another custom header.

Community
  • 1
  • 1
Kalamarico
  • 5,466
  • 22
  • 53
  • 70