Prevent caching of ajax-login.php --> to head
Thu Oct 28 20:22:24 UTC 2010 pix@kepibu.org
* *ahem* Use the correct input type for the username text box.
hunk ./login.php 48
-<label for='theusername'>Username: <input type='textbox' name='username' id='theusername'></label>
+<label for='theusername'>Username: <input type='text' name='username' id='theusername'></label>
Thu Oct 28 00:01:20 UTC 2010 pix@kepibu.org
* Protect hasFeature call.
hunk ./form-to-http-auth.js 4
- if (document.implementation.hasFeature("HTTPFormAuth", "1.0"))
+ if (document.implementation &&
+ document.implementation.hasFeature &&
+ document.implementation.hasFeature("HTTPFormAuth", "1.0"))
Wed Oct 27 23:48:14 UTC 2010 pix@kepibu.org
* Switch to hasFeature(), which seems perfectly suited for this.
hunk ./form-to-http-auth.js 4
- if (this.className.match(/(\\s|^)natively-supported(\\s|$)/))
+ if (document.implementation.hasFeature("HTTPFormAuth", "1.0"))
hunk ./notes.org 61
-Instead, I propose that any browser which supports form-based HTTP Auth should
-add the class 'natively-supported' to forms requesting http authentication.
-This will allow sites to easily detect native support and avoid running their
-own JavaScript-based form-to-http-auth translators.
+Instead, it seems prudent to utilize the DOMImplementation hasFeature function.
+Thus, I propose a feature name of "HTTPFormAuth" and a version of "1.0".
Wed Oct 27 23:21:30 UTC 2010 pix@kepibu.org
* Prevent caching of ajax-login.php
hunk ./ajax-login.php 6
+ header('WWW-Authenticate: Basic Realm="Form-Based HTTP Auth Test"', false, 200);
hunk ./ajax-login.php 15
+
+/* no caching */
+header('Pragma: no-cache');
+header('Cache-Control: no-cache');