Avoid HTTP auth popup in a chrome extension (digest)

Question

Hey,

I'm currently developing a chrome extension, I need to access some http-auth protected resources (webdav). The HTTP auth is using (in the best case) a digest authentication.

I'm able to do the auth directly in the ajax request using the https://login:[email protected]/path/to/ressource form.

The issue is : if the login/password is wrong, I can't just get a 401 status (unauthorized), Chrome pops up the regular authentication dialog. Which I don't want cause it's confusing for user and I can't save the credentials from here.

EDIT: Another use-case I faced is : I want to check if a resource is password-protected without trying to provide credentials to actualy access it.

Any ideas on how to catch the 401 without poping the Chrome's auth box ?

Answer 1

I think this is impossible. If you are using the browser's http client then it will prompt the user for credentials on a 401.

EDIT : Over in mozilla land https://developer.mozilla.org/en/XMLHttpRequest check out "mozBackgroundRequest".

Answer 2

It's really seems to be a lack in chrome behavior, other people are wishing to see something as the mozBakgroundRequest Chris highlighted, there already a a bug report for that.

There are (hackish) workarounds suggested by some developers in the bugtracker :

• use a webworker and a timeout to perform the request
• do the same with the background page

In both case, the benefit is that it won't pop an authentication box... But you will never know if it's a real server timeout or a 401. (I didn't tested those workarounds).