Sending 'Authorization' header in Ext JS Ajax Request, Chrome vs. Firefox

Question

In code the request is sent as:

var ajaxOptions = {
    url: 'someUrl',
    method: 'POST',
    success: function(response) {
        ...
    },
    failure: function(response) {
        console.log(response);
    }
};

    var form = this.getView().getForm();
    var submitAction = Ext.create('Ext.form.action.Submit', { form: form });
    var formInfo = submitAction.buildForm();
    ajaxOptions.form = formInfo.formEl;
    if (form.hasUpload()) {
        ajaxOptions.isUpload = true;
    }
    Ext.Ajax.request(ajaxOptions);

When a request is sent via Chrome, the 'Authorization' header presents:

Authorization:Basic YWRtaW46YWRtaW4=

When it is sent via Firefox, the header is not included. Explicitely I don't set user/password. So it's not clear, why and how chrome sends such header. Are there any known issues? The second, how to force firefox to send such header? Is it possible?

UPDATED JavaScript does not now anything about login/password. The main question, how Chrome can use them, but other browsers cannot send such pair. So the question is how to force other browsers to send this cookie as Chrome does without appling headers manually via JavaScript.

On the server side, the Servlet API is used. in web.xml:

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>someName</realm-name>
</login-config>

if it does matter

score 1 · Answer 1 · answered Jul 20 '15 at 12:40

1

Per the docs, just add a headers property to your ajaxOptions:

ajaxOptions = {
    //...
    headers : {
        'Authorization': 'Basic YWRtaW46YWRtaW4='
    }
}

answered Jul 20 '15 at 12:40

arthurakay

5,631
8
37
62

@arthurokay: JavaScript does not now anything about login/password. The main question, how Chrome can use them, but other browsers cannot send such pair. So the question is how to force other browsers to send this cookie as Chrome does without appling headers manually. – Alexandr Jul 28 '15 at 08:55
If that's the question, then perhaps Chrome has some user/pass cached for that domain. Try running the app in an "incognito" window to verify -- or perhaps try to [clear any user/pass settings](http://stackoverflow.com/questions/5957822/how-to-clear-basic-authentication-details-in-chrome). No browser should send an "Authorization" header unless there are user/pass to send! – arthurakay Jul 28 '15 at 11:30
In other words, I don't think Ext JS is adding that header -- I think the Chrome injects it. – arthurakay Jul 28 '15 at 11:31

Sending 'Authorization' header in Ext JS Ajax Request, Chrome vs. Firefox

1 Answers1