0

My goal is to have a link a visitor can click and then be redirected and logged into a site with basic authentication. We currently use embedded credentials for this on a couple of web pages not hosted by us, but embedded credentials are no longer supported in Chrome. I've been investigating alternatives to passing credentials in the URL (ie https://user:password@website.com), and so far haven't found a solution that's better than the following:

var url = 'https://www.third-party-website.com';
var username = 'my-username';
var password = 'my-password';
var encodedAuth = window.btoa(username + ':' + password); 

$.ajax({
  type: 'GET',
  url: url,
  xhrFields: {
     withCredentials: true,
  },
  headers: {
   "Authorization": "Basic " + encodedAuth
  },
  complete: function (result) {
   window.location.href = url;
  },
  error: function (req, status, error) {
    console.log(error);
  }
});

Which gives me the following error:

XMLHttpRequest cannot load https://www.third-party-website.com. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://my-website.com' is therefore not allowed access.

Based on this SO thread, I think I would need access to the third party's server to set its Access-Control-Allow-Origin to allow my domain. Are there any other alternatives for me if I can't change the header on the third party server? Or is my AJAX request not formatted correctly?

ktbee
  • 360
  • 2
  • 14
  • Your ajax is configured properly. Might be able to accompish what you need using a proxy. Cookies for other site may be problematic though – charlietfl Aug 02 '17 at 18:03

1 Answers1

0

You may want to setup an page on your own website as a proxy and post the username + password to your proxy using something like this in js Link

$usr = $_POST['username'];
$pwd = $_POST['password'];

How to setup curl with auth

Raccoon
  • 34
  • 9