Is There A Way For Chrome Packaged Apps To Handle Http Basicauthentication

I'm building a Chrome packaged app called Git Crx and as the name suggests it needs to go network requests to and from remote git repos using HTTPS (smart protocol) BUT if you atte

Solution 1:

So in researching to write this question well, I found my answer myself...

First based on getting back a 401 as the status from the XHR response, I can set the Authorization header to do authentication, heres code in the form of a QUnit test case:

  asyncTest("check can do Basic Auth XHR", function() {
   expect(1);

   var authCreds = "maks:s3cret";
   var oReq = new XMLHttpRequest();

   function reqListener () {
      if (this.status == 200) {
        equal(this.responseText.trim(), "the secret", "expect correct res text from server");
        start();    
      } elseif (this.status == 401) {
          oReq = new XMLHttpRequest();
          oReq.onload = reqListener;
          oReq.open("get", "http://acme.test.com/auth-test", true);
          oReq.setRequestHeader("Authorization", "Basic "+btoa(authCreds));
          oReq.send();
      }
    }

    oReq.onload = reqListener;
    oReq.open("get", "http://acme.test.com/auth-test", true);
    oReq.send();
});

But that is making an assumption that the scheme is Basic but it could be Digest or NTLM, so you also need to parse the response header as well...

var authType = oReq.getResponseHeader('WWW-Authenticate');
// do auth based on type...

Hope this helps others in the same boat in the future...