No no. Just site acces. Nothing to do with ajax.
Dave Maharaj
Freelance Designer | Developer
www.movepixels.com | dave@movepixels.com | 709.800.0852
From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf Of Reuben
Sent: Thursday, November 28, 2013 12:53 AM
To: cake-php@googlegroups.com
Subject: Re: Production and Development Environment
I'm assuming that's some sort of Ajax API that you're doing?
You could make your Javascript aware that it's in a development environment, and pass the Authorization token, as per http://coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html.
If you're using jQuery.ajax, you can pass the username and password for Basic Authentication, but that leaves you a bit open. Also, it only sends the info when challenged with a 401, so explicit header setting might be your only option. [http://stackoverflow.com/questions/5507234/how-to-use-basic-auth-and-jquery-and-ajax]
You could update the programming to only require authentication for non-ajax requests, but that might be defeating the purposes as well.
Of course, I'm assuming that your application would normally use Form authorization in production, but you've got the added layer of Basic authentication in development.
This issue should only happen when calling the API from a different domain. If the browser that is already authorized, is calling the APIs on the same domain, then the Authorization token <b>should</b> be sent automatically. I'm emphasizing that "should", because it would just seem screwy if it didn't.
On Thursday, 28 November 2013 09:48:42 UTC+10, advantage+ wrote:
Building a site on client's server and password protected but now adding in API functionality and the htaccess is blocking responses back from the API calls since they can't reach the site.
Is there a simply way to define production / development to allow access without password protecting the site.
I do not want to go thru all 65 controllers and re-code $this->Auth->deny() / allow();.
Thanks
Dave
--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscribe@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/groups/opt_out.
No comments:
Post a Comment