views:

217

answers:

0

I'm using HTTP Basic Authentication with AJAX requests. Firefox 3 is a whiner and always displays a dialog box for failed credentials -- even though I don't want one.

This question summarizes some of the browser and JS issues; you'll notice it's unresolved on the client side. Luckily, I have at least some freedom to change the server -- I can modify my .htaccess file.

Basically, whenever Firefox sees the WWW-Authenticate header, it tries to authenticate again. Can I suppress that header only for AJAX requests by modifying my .htaccess file? If so, how? I can pass a custom header in my XHR request if necessary.

Here's what it looks like currently:

AuthType Basic
AuthUserFile /www/private/.htpasswd
AuthName "Private Collection"
require valid-user