Why does a browser dialog come up when an xmlhttprequest sends the wrong / no auth?
- by Kyle
How come the major browsers all bring up a login dialog when an xmlhttprequest does auth wrong or doesn't send it? I mean isn't this poor UI? Now a days it seems like a lot of people try http auth in jQuery, because theoretically it is quite easy - until the user fails to enter the correct data and is presented with the browsers dialog, which gets in their way, and they might have no idea what to do with it or why it's there? I don't know too much about these low level browser specifications but can someone bring this up with the RFC or webkit/gecko developers? jQuery digest auth could be powerful and user friendly if this was fixed.
** It seems like apache could also fix the problem on their side by not sending the header, but whichever one is the most secure way of doing this would be nice.