Issue when username and password are sent on 2012 platform
Proper method of sending login credentials over XHR on 2012 platform
Contents
In widgets where authentication is required to get access, username and password are passed in request to verify whether the user has a genuine account with the widget or not.
Solution
Pass the username and password as an authorization request variable in request Header.
Bad example
XHRObj.open("GET", URL, true, SERVICE_USERNAME, SERVICE_PASSWORD);
XHRObj.send(null);
Good example
XHRObj.open("GET", URL, true);
var auth = window.btoa(SERVICE_USERNAME+ ":" + SERVICE_PASSWORD);
XHRObj.setRequestHeader("Authorization", auth);