1

I am trying to authenticate to the Jazz server using pure Javascript. I am supposed to be able to do a GET onhttps://myserver:9444/qm/authenticated/j_security_check?j_username=foo&j_password=bar . (same behavior on a POST as well)

This works fine in Ff plugin Poster - if I provide a dummy user-agent header. However, in the JS code I am writing (using dojo.xhrGet), I am getting a 400 - bad request, mostly because the heager is saying Chrome, with a response HTML stating - You have followed a direct link to log in to a Jazz server. This page has been presented to ensure that a malicious website cannot use cleverly crafted content to circumvent security. If you would like to log in to the server, please use the link below.

The problem I have hit is - I am unable to override the user-agent header in teh dojo.xhrGet since it s a protected header and you get a Refused to set unsafe header "user-agent if you try to override it with some value like "api".

How do I get around this catch 22?

Ajay Chebbi
  • 171
  • 8

1 Answers1

1

You cannot change the User-Agent header for XMLHttpRequest. See this SO question.

If you want to authenticate to a Jazz server, you should use dojo.xhrPost to send a HTTP POST request to the form authentication url.

dojo.xhrPost({
   url: '/qm/authenticated/j_security_check',
   data: {
     j_username: 'foo',
     j_password: 'bar'
   }
})
Community
  • 1
  • 1
Fu Cheng
  • 3,385
  • 1
  • 21
  • 24
  • 3
    POST does not work either get the same HTML document back which says `You have followed a direct link to log in to a Jazz server. This page has been presented to ensure that a malicious website cannot use cleverly crafted content to circumvent security. If you would like to log in to the server, please use the link below.` – Ajay Chebbi Sep 24 '13 at 16:20