JavaScript Gracefully Handling 401 Not Authorized with Angularjs $http

I am currently working on an problem with a login page for an AngularJS app. The login page uses the $http service to submit the username and password using Basic authentication (Authorization: Basic (username and password in base 64)) to a Web service that may or may not be running on the same server that the webapp is hosted on. If authentication succeeds, the server returns a response with status 200 OK; otherwise, it returns a 401 Not Authorized. We have an error function to gracefully handle this error condition, but before it is even called, the browser by default shows a modal dialog for the user to enter his or her username and password. How can I prevent this?

I've looked at several sources, including the W3 standards for XHR.send(), for help, and my findings show that in Firefox and Chrome, the browser dialog pops up after a 401 response to an XHR call when all of the following are true:

1) The request is "same-origin" (which it is in the cases where the web service is running on the same server that serves the webapp)

2) The response includes the header WWW-Authenticate: Basic [some realm] or WWW-Authenticate: Digest [some realm] (our web service returns the former)

3) The request was not made by specifically setting a username and password in the XHR object whose send() method was called.

I found a test site (which SO won't let me link to) that exhibits the desired behavior for 401 responses (no modal login box). It meets the first two conditions but avoids meeting the third, apparently because it sets the XHR object's username and password by sending them as arguments #4 and 5 to its open() function. I'm not sure if there's any other way to set these properties of the XHR object, since I can't even find them by inspecting the XHR object in a browser's JavaScript debugger.

The problem is that our site's login service doesn't itself call XmlHttpRequest.open() to pass the username and password; instead, it creates the Authorization header itself and passes it in the headers collection of a params object to $http. By inspecting the source of angular.js, I found that $http then proceeds to call open() with only three parameters.

Does Angular provide a way to have $http call the 5-parameter overload of open(), or otherwise prevent this login dialog from showing up? If not, I can only think of a few workarounds:

1) Somehow decorate $http to enforce calling the 5-parameter overload of open() if a username and password are provided

2) Somehow use $httpBackend to achieve the same as #1 (though the documentation discourages developers from using $httpBackend so I'm not sure if this is a good idea or even possible)

3) Ignore $http and have my login service create and send the XHR itself

4) Alter the server so it doesn't return the WWW-Authenticate: Basic header (least desirable)

Is there a well-known or "right" way to work around this problem?

Answer:1

I have this code : var dynamicVarName = id; var percentage = res.parkeren[0].dynamicVarName.percentage; DynamicvarName can have different values, but when i call this in the var percentage it's ...

I have this code : var dynamicVarName = id; var percentage = res.parkeren[0].dynamicVarName.percentage; DynamicvarName can have different values, but when i call this in the var percentage it's ...

I have this component: export class FileFormComponent { _base64: string; handleFile($event){ var input = $event.target; var reader = new FileReader(); reader.onloadend = function() { ...

I have this component: export class FileFormComponent { _base64: string; handleFile($event){ var input = $event.target; var reader = new FileReader(); reader.onloadend = function() { ...

  1. component definition
  2. component to hdmi
  3. component synonym
  4. component form
  5. components of blood
  6. component cable
  7. componentdidupdate
  8. components of fitness
  9. component to hdmi converter
  10. component form of a vector
  11. components of a nucleotide
  12. components of gdp
  13. components of dna
  14. components of physical fitness
  15. component pouch 5e
  16. component speakers
  17. component video
  18. component hardware
  19. components of culture
  20. components of a business plan

After add some conditional class and attribute binding in the template, angular keep those attribute directive in the dom when I check in the dev tool like this <input type="radio" name="gender" ...

After add some conditional class and attribute binding in the template, angular keep those attribute directive in the dom when I check in the dev tool like this <input type="radio" name="gender" ...

  1. prevent rendering angular

I like to generate a coverage report for my typescript source files with karma-coverage. My unit tests are written in javascript and I'm using the Jasmine Test framework. My folder structure looks ...

I like to generate a coverage report for my typescript source files with karma-coverage. My unit tests are written in javascript and I'm using the Jasmine Test framework. My folder structure looks ...