This project is archived and is in readonly mode.

#1086 ✓wontfix
Marat Denenberg

Mootools 1.3: Request.js + Basic HTTP Authentication + Firefox 4 Beta 7

Reported by Marat Denenberg | November 13th, 2010 @ 11:45 PM

Mozilla defines the defaults for for user and password as blank strings. Mootools sends undefined if those are not defined by user creating a Request object.

Please see:

The end result of this is that on Firefox 4 Beta 7 when you're on Basic HTTP Authentication and you have already signed on, and you're NOT providing user/password to the Request object, Firefox tries to login with undefined as user and undefined as password, gets a 401 from the server, and then prompts the user to sign in through a standard login dialog. This happens over and over for each and every XHR request.

This is easily fixed by modifying line 197 and 198 in Request.js from:, url, this.options.async, this.options.user, this.options.password);
if (this.options.user && 'withCredentials' in xhr) xhr.withCredentials = true;


if (this.options.user){
if('withCredentials' in xhr) xhr.withCredentials = true;, url, this.options.async, this.options.user, (this.options.password ? this.options.password : '')); } else{, url, this.options.async); }

After the fix, everything works as expected. For reference, here is the bug report on Bugzilla:

Apparently this is an issue for Dojo too. I will cross-reference on Bugzilla. Thank you!

Comments and changes to this ticket

  • Christoph Pojer

    Christoph Pojer December 16th, 2010 @ 04:55 PM

    • State changed from “new” to “wontfix”

    We do not support beta browsers. The ticket already says Firefox will be changed to work with Dojo and MooTools in the final release.

  • Marat Denenberg

    Marat Denenberg December 16th, 2010 @ 05:26 PM

    I agree. Supporting Beta software makes no sense. However, Firefox merely exposes the problem.

    The problem is that Request.js does not comply with the XMLHttpRequest specification.

    #15 and #16 clearly state that if anything (even null or undefined) is sent to open, it should use that to log in.

    I don't understand why the guys working on the spec did that. It is non-standard and weird. But it's there in black-and-white.

    It's up to you guys. I posted the patch above, so if somebody is having major problems with this issue, they know how to fix it.

    Thanks for your time!

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

Shared Ticket Bins