top

Issue when username and password are sent on 2012 platform

Published 2014-10-27 | (Compatible with SDK 3.5,4.5,5.0,5.1 and 2012,2013,2014 models)

Proper method of sending login credentials over XHR on 2012 platform

In widgets where authentication is required to get access, username and password are passed in request to verify whether the user has a genuine account with the widget or not.

Solution

Pass the username and password as an authorization request variable in request Header.

Bad example

XHRObj.open("GET", URL, true, SERVICE_USERNAME, SERVICE_PASSWORD);
XHRObj.send(null);

Good example

XHRObj.open("GET", URL, true);
var auth = window.btoa(SERVICE_USERNAME+ ":" + SERVICE_PASSWORD);
XHRObj.setRequestHeader("Authorization", auth);