Created March 9, 2012 18:28
Seeding Basic Auth from XHR
Goal - to "prime the pump" for dev.clortho.mozilla.org Basic Auth from an HTML form that is not itself restricted to Basic Auth.
So the next time a visitor requests a protected resource from dev.clortho.mozilla.org, they will automatically send Basic Auth headers.
====== Via XHR =======

GET /protected HTTP/1.1
Host: dev.clortho.mozilla.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0a2) Gecko/20120306 Firefox/12.0a2
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.8,es;q=0.5,it-ch;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Authorization: Basic YWtpbsomecrazypasswordvalueherekzcW0=
X-Requested-With: XMLHttpRequest
Referer: https://dev.clortho.mozilla.org/browserid/sign_in
Cookie: WT_FPC=id=24.17.245.95-1644245824.30209906:lv=1331344388715:ss=1331343731240; wtspl=262192; session_state=wrZPBRbCkSU_KEJ3wqgZw5XCr3I8.w60...wbCvsKXw5kr

HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 23
X-Response-Time: 2ms
Connection: keep-alive

<html><body><h1>Oh, hai
====== Direct browsing =======

GET /protected HTTP/1.1
Host: dev.clortho.mozilla.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0a2) Gecko/20120306 Firefox/12.0a2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.8,es;q=0.5,it-ch;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: WT_FPC=id=24.17.245.95-1644245824.30209906:lv=1331344388715:ss=1331343731240; wtspl=262192; session_state=wrZPBRbCkSU_KEJ3wqgZw5XCr3I8.w60...wbCvsKXw5kr

HTTP/1.1 401 Unauthorized
X-Powered-By: Express
WWW-Authenticate: Basic realm="Authorization Required"
X-Response-Time: 1ms
Connection: keep-alive
Transfer-Encoding: chunked
===================

Note:
The Authorization: Basic YWtpbsomecrazypasswordvalueherekzcW0= header wasn't automatically sent when we browsed directly...
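As an added example (not part of the gist), a small Python checker that parses a captured request/response pair like the two above and reports whether a Basic credential was sent, whether the request came from XHR, and whether the server accepted it or answered with a 401 challenge. The embedded traces and the alice:s3cret credential are constructed for the example, not the redacted values from the gist.

```python
import base64
import binascii

# Constructed traces modelled on the two exchanges above (headers trimmed);
# the credential is a made-up "alice:s3cret", not the gist's redacted value.
XHR_EXCHANGE = """GET /protected HTTP/1.1
Host: dev.clortho.mozilla.org
Authorization: Basic YWxpY2U6czNjcmV0
X-Requested-With: XMLHttpRequest

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
"""
DIRECT_EXCHANGE = """GET /protected HTTP/1.1
Host: dev.clortho.mozilla.org
Accept: text/html

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="Authorization Required"
"""

def parse_message(text):
    """Split one HTTP message into (start line, {lowercased header: value})."""
    lines = text.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def basic_username(auth_value):
    """User-id from a 'Basic <base64>' value, or None if not a decodable Basic token.
    Basic auth is only base64, so a captured header exposes the credential."""
    scheme, _, token = auth_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return decoded.partition(":")[0]

def analyze_exchange(text):
    """Summarise one request/response pair: credential sent? accepted or challenged?"""
    req_text, _, resp_text = text.partition("\n\n")   # blank line separates the two
    _, req_headers = parse_message(req_text)
    status_line, resp_headers = parse_message(resp_text)
    status = int(status_line.split()[1])
    auth = req_headers.get("authorization")
    return {
        "credential_sent": auth is not None,
        "username": basic_username(auth) if auth else None,
        "via_xhr": req_headers.get("x-requested-with") == "XMLHttpRequest",
        "status": status,
        "challenged": status == 401 and "www-authenticate" in resp_headers,
    }
```

Run over the two traces it reports a credential sent and accepted for the XHR request, and no credential plus a 401 challenge for the direct browse, which is exactly what the note above observes.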