I am trying to call a JS script which domain is protected with a username and password, I do have those details. When I put the url in Google Chrome a Authentication Required prompt show and I fill in my details and I am able to see the file.
What I want to know if it is possible to call the script in HTML with the script tag or some additional JS code to fill in the prompt. What I have now is just a simple way to call every normal script.
<script type="text/javascript" src="https://example.com/javascript.js"></script>
Can I add more parameters to login or is there JS code to bypass this?
The only things I found were irrelevant or were based on creating a login script.
-
take a look at this stackoverflow.com/questions/28737081/…Sean– Sean2017年08月08日 12:26:42 +00:00Commented Aug 8, 2017 at 12:26
-
2What's the point of password protecting that URL...? If you want to keep it obscure, use some long random directory/filename instead; if you're going to embed all the necessary information into the URL anyway that's just about as good.deceze– deceze ♦2017年08月08日 12:27:23 +00:00Commented Aug 8, 2017 at 12:27
-
Or to put it a different way, you are exposing your credentials for that domain for the whole world to see.Jared Smith– Jared Smith2017年08月08日 12:28:55 +00:00Commented Aug 8, 2017 at 12:28
1 Answer 1
Other than a long-deprecated mechanism allowing you to embed a username and password (!) in a URL, which you really don't want to use for obvious reasons (and because browsers and servers are thankfully dropping / have dropped support), there's no way to bypass the authentication stage if you have the file protected by authentication.
Which is a good thing. Presumably the authentication is there for a reason. Embedding your credentials in your HTML would make the authentication absolutely pointless.
Even if you could, once the script is loaded its full contents are available to the user anyway. So if it's valuable private information, it wouldn't stay private for long.