Attempt to login with XmlHttpRequest fails over HTTPS
I'm attempting to create a Chrome extension that connects to my web server over secured connection to enable user authentication.
My web server implements Spring Security solution and I was able to access my services when the security filter was turned off (http://1.2.3.4:8080/path/to/api
)
When I try to access the login via https://1.2.3.4:8443/path/to/auth
the XHR receives status code 0
for async requests and 'Error: INVALID_STATE_ERR: DOM Exception 11'
immediately after calling xhr.open('POST', url, false);
(which is a sync call) method.
var xhr = new XMLHttpRequest(); xhr.onreadystatechange = checkResponse; xhr.onerror = handleError; xhr.open('POST', loginUrl, true); // tried async and sync xhr.withCredentials = 'true'; // tried with and without xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); xhr.send(loginContent);
My manifest file requests permission for both http://*/*
and https://*/*
(I even tried setting it to <all_urls>
).
What am I doing wrong and if such login attempt sounds possible?
Edit / Addition
I tested a login attempt to the https url with Poster plug in for FireFox and managed to authenticate myself from the same computer the Chrome attempt was made - so the server and the auth path are reachable outside Chrome extension.Another Edit / Addition When changing the authentication to HTTP instead of HTTPS I was able to authenticate myself via 开发者_JAVA百科the extension. Seems like HTTPS requests are blocked even that I requested for the required permissions.
精彩评论