Prototype HTTP Authentication

About a month ago Sam committed changeset 5448[1], which broke Ajax requests in Safari, see ticket 6638[2]. Can somebody look at the ticket and perhaps apply it?

What is the use case for sending clear text credentials from an html page anyway?

Manfred

1. http://dev.rubyonrails.org/changeset/5448
2. http://dev.rubyonrails.org/ticket/6638

What is the use case for sending clear text credentials from an html
page anyway?

(Basing this on the assumption that "sending clear text credentials
from an html page" is required for NTLM, and SSO to work in at least
this intranet scenario that I am currently dealing with).

Use Case:
http://groups.google.com/group/rubyonrails-talk/browse_thread/thread/77c9275792d961b3

Peter

I've reverted[1] this specific change because of the Safari issue.
Note that we surely want to have that in, but there needs to be a
better approach to this (see the discussion on 6638 for info and
possibly ways to workaround/use manual Authentification headers).

Best,
Thomas

[1] http://dev.rubyonrails.org/changeset/5741