Thu Oct 28 20:22:24 UTC 2010 pix@kepibu.org

* *ahem* Use the correct input type for the username text box.

-<label for='theusername'>Username: <input type='textbox' name='username' id='theusername'></label>

+<label for='theusername'>Username: <input type='text' name='username' id='theusername'></label>

Thu Oct 28 00:01:20 UTC 2010 pix@kepibu.org

* Protect hasFeature call.

- if (document.implementation.hasFeature("HTTPFormAuth", "1.0"))

+ if (document.implementation &&

+ document.implementation.hasFeature &&

+ document.implementation.hasFeature("HTTPFormAuth", "1.0"))

Wed Oct 27 23:48:14 UTC 2010 pix@kepibu.org

* Switch to hasFeature(), which seems perfectly suited for this.

- if (this.className.match(/(\\s|^)natively-supported(\\s|$)/))

+ if (document.implementation.hasFeature("HTTPFormAuth", "1.0"))

-Instead, I propose that any browser which supports form-based HTTP Auth should

-add the class 'natively-supported' to forms requesting http authentication.

-This will allow sites to easily detect native support and avoid running their

-own JavaScript-based form-to-http-auth translators.

+Instead, it seems prudent to utilize the DOMImplementation hasFeature function.

+Thus, I propose a feature name of "HTTPFormAuth" and a version of "1.0".

Wed Oct 27 23:21:30 UTC 2010 pix@kepibu.org

* Prevent caching of ajax-login.php

+ header('WWW-Authenticate: Basic Realm="Form-Based HTTP Auth Test"', false, 200);

+

+/* no caching */

+header('Pragma: no-cache');

+header('Cache-Control: no-cache');

Wed Oct 27 22:01:20 UTC 2010 pix@kepibu.org

* Mention hanging on synchronous requests

+

+ var form = this;

+ /* synchronous hangs some browsers temporarily. :/ */

+ },

+ error: function (xhr, status, err) {

+ authed = false;

+ },

+ complete: function (xhr, status) {

+ /* Don't send username and password if we successfully managed to auth via HTTP */

+ if (authed) {

+ form.username.parentNode.removeChild(form.username);

+ form.password.parentNode.removeChild(form.password);

+ }

- /* Don't send username and password if we successfully managed to auth via HTTP */

- if (authed) {

- this.username.parentNode.removeChild(this.username);

- this.password.parentNode.removeChild(this.password);

- }

+

+ /* This is the only way to get browsers to submit the form exactly as

+ the user did, which is why we aren't using async above. */

Wed Oct 27 19:56:56 UTC 2010 pix@kepibu.org

* Eliminate unused code.

- /* Force the browser to clear the auth credentials. */

- /*

- var xhr = $.ajax({

- url: "/ajax-login.php",

- async: true,

- global: false,

- username: "-",

- password: "-",

- dataType: "text"

- });

- xhr.abort();

- */

Wed Oct 27 19:47:16 UTC 2010 pix@kepibu.org

* Don't use the hasClass function.

- function hasClass(node,className) {

- return node.className.match(new RegExp('(\\s|^)'+className+'(\\s|$)'));

- }

Wed Oct 27 04:40:07 UTC 2010 pix@kepibu.org

* Update for nicer html export

-* Site-Controlled HTTP Authentication UI

-** Motivation

+#+TITLE: Site-Controlled HTTP Authentication UI

+* Motivation

-** Proposal

-*** HTML Forms

+* Proposal

+** HTML Forms

-*** Changes to RFC 2617

+** Changes to RFC 2617

-*** Stopgap Measure

+** Stopgap Measure

-*** Working with the Stopgap Measure in Browsers that Support This Spec

+** Working with the Stopgap Measure in Browsers that Support This Spec

-*** Logging Out

+** Logging Out

-** References

+* References

-// LocalWords: php

+LocalWords: php

Wed Oct 27 04:26:47 UTC 2010 pix@kepibu.org

* Fix repo url

-: darcs get http://code.kepibu.org/httpauth/

+: darcs get http://repo.kepibu.org/httpauth/