Serious issue with basic authentication via ajax, seems to be a bug!

[loukas1984]

After testing my widget to the devices mentioned at the bottom of the message I concluded that,

-WRT widgets do not support http HEAD requests.
-when using http basic authentication (ajax) the s60 platform prompts for authentication even
when I pass the correct credentials via http headers.This happens on Nokia N97, Nokia 5800 XpressMusic,
Nokia 5230 but not in Nokia E52.

Authentication header example:

xmlHttp.setRequestHeader("Authorization", 'Basic '+(Base64.encode(USERNAME+':'+PASSWORD))+'');

-also on basic authentication (ajax) when the user enters wrong credentials the platform prompts authentication
on all devices.

Devices tested:

1) Nokia N97
2) Nokia 5800 XpressMusic
3) Nokia 5230
4) Nokia E52

(All devices are firmware updated the via the Nokia Device Update feature in the Phone Management screen)

There are two more threads mentioning this issue, and there was no progress to sort this out.

Your help is much appreciated,
Thanks

[jzferreira]

Hi loukas,

This bug is really serious, WRT doesn't allow to set HTTP header request. Actually, the new firmwares in N97 allows, however I believe it will be fix in CWRT (WRT to Maemo platform) and in other firmwares update S60 3th and 5th.

I developed a widget which it was necessary to set http header in oauth authentication, I made a workaround and worked.

Javier

[loukas1984]

Hi jzferreira,

Thanks for your reply!

It would be much appreciated if you could share your workaround...

Thanks,
Loukas

[jzferreira]

The workaround is proxy

[hirvensarvi]

I think that the problem is related to the fact that Nokia WRT now does not support customized header.
Interesting, plenty of google applications, such as google spreadsheet, now provides API for web applications. Without supporting the customized headers, Nokia WRT can work only with public docs/sites and so on.

[pamepros]

Hi Javier, do you have an example on how to authenticate with oauth? I can't get my widget to connect with oauth.
Thanks
Pam

[vivacity]

By the way, WRT blocks not all HTTP headers, but some that were blocked because of security issues in Webkit-browser. BUT (!) this security issues were connected with browser, not with widgets that are standalone applications and of course must have possibility to change any header.

So those who have problems with Authorization header should know, that in Nokia browser BLOCKS this header and don't send it. So if you want to use it you should use proxy e.g. sending X-Authorization header and changing it to Authorization at proxy-server. But this is incredible situation, I agree. I'm now trying to create Twitter app and spending vast time to support proxy.

Another thing, as I understood, that last versions of Webkit (not that in Nokia) supports special field withCredentials for XHR object. This should enable authorization fields.

So my opinion is Nokia must unblock Authorization header (I even can't create twitter app without problems!) and other things that were created to restrict browser issues (not widgets). Or WRT never will be development enviroment of full value.

[rafiton]

Hi all,
I'm struggling with oauth / http_cookie as well. Its really annoying as my code works perfectly on phoneGap with Andoid and iPhone but using WRT I simply can't get http_cookie hence cannot start a proper php session.
Any elegant solution (other than running a proxy server) ?

Thanks
Rafi

[sergiuseling]

Hi, I seem to have the same problem with the missing headers for authentication .
Do you know if this issue is solved with the newer devices or newer browsers?

[vivacity]

They didn't update even webkit in new firmwares. The problem is still the same. I thinks we should wait for QtWRT with more modern browser