Reputation: 10485
I have a nodeJS based server that receives this ajax request
$("#inbox").click(function() {
$.ajax({
type: "POST",
url: "/inbox",
data: dataString,
username: 'test',
password: 'test',
success: function(data) {
mails = JSON.parse(data);
var html = new String();
for (var i = 0 ; i < mails.length ; i++) {
html += mails[i].from + ": " + mails[i].subject + "<br>";
}
$("#emails").html(data);
},
error: function(xhr, textStatus, errorThrown) {
$("#emails").html("bad");
}
});
});
How do I get the username and password on the server side? I've checked the request headers, didn't see anything that would help me.
Also: after login, when username and password were validated, I send a response that redirects the user to /mail?user=username
. How do I safely send the password so that mail.html
will send it for further requests?
Thanks!
Upvotes: 0
Views: 1265
Reputation: 203251
If you're using Express, you'd need to use something like the basicAuth
middleware first. If you're using that, you can get to username
using req.user
. If you want to access the password as well, I think you need to supply your own validation-callback:
app.use(express.basicAuth(function(user, pass){
// validate username/password and return true or false
}));
For more information, look here.
As for passing the password to mail.html
: don't. Use sessions instead.
Upvotes: 1