Hi, I posted a bug in bugzilla.mozilla and the Mozilla forums about a
bug that I'm seeing when trying to secure some resources under a REST
protocol. I believe this is a bug that severely hampers security under
REST, and would like to solicit some comments.
Basically, it seems that Firefox's xmlhttprequest authentication
handling fails when you change the URL. I'm creating URLs to resources
on a REST architecture on the fly with a parameter. Each folder is
protected with basic http authentication.
Here is the function:
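    // One shared request object, reused for every click
    var xmlhttp = new XMLHttpRequest();

    function executeGet(anId) {
        // Build the URL of the protected folder from the id parameter
        var url = 'demos/firefox/' + anId + '/hello.php';
        // Username and password are the 4th and 5th arguments to open()
        xmlhttp.open("GET", url, true, "schow", "schow");
        xmlhttp.onreadystatechange = function() {
            // readyState 4 means the request has completed
            if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
                alert(xmlhttp.responseText);
            }
        };
        xmlhttp.send(null);
    }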
and calling the function thusly:
    <td><a href="#" onclick="executeGet(1)">X</a></td>
    <td><a href="#" onclick="executeGet(2)">X</a></td>
    <td><a href="#" onclick="executeGet(3)">X</a></td>
Clicking on one link will work. Clicking on a different link the next
time will fail. The dialog box will pop up, but if you dismiss the
dialog box, it will work. Then the cycle repeats.
The full details are here in
https://bugzilla.mozilla.org/show_bug.cgi?id=411517 . A demonstration
of the problem is here:
http://www.shuchow.com/testajax.php. As REST
becomes more important, this bug will have a bigger impact. Any help,
insight, or bug votes would be appreciated. Thanks!