Don't use the hasClass function. --> to head
Thu Oct 28 20:22:24 UTC 2010 pix@kepibu.org
* *ahem* Use the correct input type for the username text box.
hunk ./login.php 48
-<label for='theusername'>Username: <input type='textbox' name='username' id='theusername'></label>
+<label for='theusername'>Username: <input type='text' name='username' id='theusername'></label>
Thu Oct 28 00:01:20 UTC 2010 pix@kepibu.org
* Protect hasFeature call.
hunk ./form-to-http-auth.js 4
- if (document.implementation.hasFeature("HTTPFormAuth", "1.0"))
+ if (document.implementation &&
+ document.implementation.hasFeature &&
+ document.implementation.hasFeature("HTTPFormAuth", "1.0"))
Wed Oct 27 23:48:14 UTC 2010 pix@kepibu.org
* Switch to hasFeature(), which seems perfectly suited for this.
hunk ./form-to-http-auth.js 4
- if (this.className.match(/(\\s|^)natively-supported(\\s|$)/))
+ if (document.implementation.hasFeature("HTTPFormAuth", "1.0"))
hunk ./notes.org 61
-Instead, I propose that any browser which supports form-based HTTP Auth should
-add the class 'natively-supported' to forms requesting http authentication.
-This will allow sites to easily detect native support and avoid running their
-own JavaScript-based form-to-http-auth translators.
+Instead, it seems prudent to utilize the DOMImplementation hasFeature function.
+Thus, I propose a feature name of "HTTPFormAuth" and a version of "1.0".
Wed Oct 27 23:21:30 UTC 2010 pix@kepibu.org
* Prevent caching of ajax-login.php
hunk ./ajax-login.php 6
+ header('WWW-Authenticate: Basic Realm="Form-Based HTTP Auth Test"', false, 200);
hunk ./ajax-login.php 15
+
+/* no caching */
+header('Pragma: no-cache');
+header('Cache-Control: no-cache');
Wed Oct 27 22:01:20 UTC 2010 pix@kepibu.org
* Mention hanging on synchronous requests
hunk ./form-to-http-auth.js 6
+
hunk ./form-to-http-auth.js 11
+ var form = this;
hunk ./form-to-http-auth.js 14
+ /* synchronous hangs some browsers temporarily. :/ */
hunk ./form-to-http-auth.js 22
+ },
+ error: function (xhr, status, err) {
+ authed = false;
+ },
+ complete: function (xhr, status) {
+ /* Don't send username and password if we successfully managed to auth via HTTP */
+ if (authed) {
+ form.username.parentNode.removeChild(form.username);
+ form.password.parentNode.removeChild(form.password);
+ }
hunk ./form-to-http-auth.js 34
- /* Don't send username and password if we successfully managed to auth via HTTP */
- if (authed) {
- this.username.parentNode.removeChild(this.username);
- this.password.parentNode.removeChild(this.password);
- }
+
+ /* This is the only way to get browsers to submit the form exactly as
+ the user did, which is why we aren't using async above. */
Wed Oct 27 19:56:56 UTC 2010 pix@kepibu.org
* Eliminate unused code.
hunk ./form-to-http-auth.js 6
- /* Force the browser to clear the auth credentials. */
- /*
- var xhr = $.ajax({
- url: "/ajax-login.php",
- async: true,
- global: false,
- username: "-",
- password: "-",
- dataType: "text"
- });
- xhr.abort();
- */
Wed Oct 27 19:47:16 UTC 2010 pix@kepibu.org
* Don't use the hasClass function.
hunk ./form-to-http-auth.js 2
- function hasClass(node,className) {
- return node.className.match(new RegExp('(\\s|^)'+className+'(\\s|$)'));
- }