开发者

HTTP digest authentication for AJAX requests

开发者 https://www.devze.com 2023-02-08 11:24 出处:网络
Hey SO, so I\'ve got an API I\'m making calls to in a browser application. Said API lives on a server that requires whitelisting and HTTP Digest Authentication.

Hey SO, so I've got an API I'm making calls to in a browser application. Said API lives on a server that requires whitelisting and HTTP Digest Authentication.

To meet the whitelisting requirement, I'm running all API calls through a proxy, which is whitelisted. The calls are originating from an iFrame, currently populated by an index.html file.

What I need to know is how I can authenticate via HTTP Digest in the background. Most of the resources I can find online seem to involve the original HTTP Digest Authentication setup, but what I'm looking to do is automate login.

Despite the non-secretive subject matter, it is somehow critical that I keep the digest parameters obfuscated from users. Perhaps I could change the served file to index.php and then somehow set the magic headers? Even then, if the calls made via XHR, would the index.php headers authenticate the separate request?

Overall, I'm just lost, and the API developers in question are not exactly responsive, so thought I'd turn here.开发者_JAVA百科


It appears that in the end, this was not possible. I had to switch to building a thin back-end to route requests through.

0

精彩评论

暂无评论...
验证码 换一张
取 消