@ozten
Created March 9, 2012 18:28
Seeding Basic Auth from XHR
Goal - to "prime the pump" for dev.clortho.mozilla.org Basic Auth from an HTML form that is not itself restricted by Basic Auth.
So the next time a visitor requests a protected resource from dev.clortho.mozilla.org, the browser will automatically send the Basic Auth headers.
====== Via XHR =======
GET /protected HTTP/1.1
Host: dev.clortho.mozilla.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0a2) Gecko/20120306 Firefox/12.0a2
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.8,es;q=0.5,it-ch;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Authorization: Basic YWtpbsomecrazypasswordvalueherekzcW0=
X-Requested-With: XMLHttpRequest
Referer: https://dev.clortho.mozilla.org/browserid/sign_in
Cookie: WT_FPC=id=24.17.245.95-1644245824.30209906:lv=1331344388715:ss=1331343731240; wtspl=262192; session_state=wrZPBRbCkSU_KEJ3wqgZw5XCr3I8.w60...wbCvsKXw5kr
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 23
X-Response-Time: 2ms
Connection: keep-alive
<html><body><h1>Oh, hai
====== Direct browsing =======
GET /protected HTTP/1.1
Host: dev.clortho.mozilla.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0a2) Gecko/20120306 Firefox/12.0a2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.8,es;q=0.5,it-ch;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: WT_FPC=id=24.17.245.95-1644245824.30209906:lv=1331344388715:ss=1331343731240; wtspl=262192; session_state=wrZPBRbCkSU_KEJ3wqgZw5XCr3I8.w60...wbCvsKXw5kr
HTTP/1.1 401 Unauthorized
X-Powered-By: Express
WWW-Authenticate: Basic realm="Authorization Required"
X-Response-Time: 1ms
Connection: keep-alive
Transfer-Encoding: chunked
===================
Note:
The Authorization: Basic YWtpbsomecrazypasswordvalueherekzcW0= header that was set on the XHR wasn't automatically sent when we browsed to /protected directly; the server answered the direct request with a fresh 401 challenge instead...