Re: [xwiki-users] Creating a seperate login page in a space that is not blocked (ie XWiki)

Wed, 10 Feb 2016 03:45:43 -0800 

Hi,
Thanks for helping. My precise problem is that it is not possible to load the page XWiki.XWikiLogin with the use of XMLHttpRequest in javascript. I have tested this when logged in and when not logged in. 

This is the example code (from W3Schools.com, a little bit compressed):

{{velocity}}
{{html}}

<h2>Using the XMLHttpRequest object</h2>
<button type="button" onclick="loadXMLDoc()">Change Content</button>
<p id="demo"></p>

<script>
function loadXMLDoc() {
  var xmlhttp;
  if (window.XMLHttpRequest) xmlhttp = new XMLHttpRequest();
  else xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
  xmlhttp.onreadystatechange = function() {

    if (xmlhttp.readyState == 4 && xmlhttp.status == 200) 
document.getElementById("demo").innerHTML = xmlhttp.responseText;

  };

  xmlhttp.open("GET", 
"$xwiki.getURL('XWiki.XWikiLogin','login')?xpage=plain", true);

  xmlhttp.send();
}
</script>

{{/html}}
{{/velocity}}


This results in a console logged javascript error report stating a "401: 
Unauthorized" error.



I have tried it with another page in the XWiki space and that page /can/ 
be requested via GET.
So I suspect it is not the space but the page (XWiki.XWikiLogin) that 
cannot be fetched via a GET request in javascript.


Regards,
Jan-Paul


Op 10-2-2016 om 10:31 schreef Eduard Moraru:

Hi,

On Mon, Feb 1, 2016 at 12:36 PM, Jan-Paul Kleijn <[email protected]> wrote:


Hi there,
The login page of XWiki is situated in the XWiki space. From this space it
is not possible to load pages with a XMLHttpRequest in javascript.


Please be more precise on your original problem. What have you tried and
what has failed?

The only particularity about the XWiki space is that it has a space-level
edit right restriction, allowing only XWikiAdminGroup to edit, but that`s
about it so I`m not sure you need to go through the trouble of creating a
new login page.

Thanks,
Eduard



I want to work around this by creating a seperate login page with exactly
the same content as the current XWiki login page.
I would like to know if this will pose a security risk or not. I do not
understand why it should but I am asking you to make sure I am not
forgetting anything.

If you like I can share the procedure with you because I think it can be
an improvement over the current situation.

Kind regards,
Jan-Paul Kleijn
_______________________________________________
users mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/users


_______________________________________________
users mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/users


_______________________________________________
users mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/users






















					Reply via email to