Curl to Javascript

Question

I am making a Chrome Extension that talks to a website via an api. I want it to pass information about a current tab to my website via a cors request.

I have a POST api request already working. It looks like this:

...
var url = "https://webiste.com/api/v1/users/sendInfo"
...
xhr.send(JSON.stringify({user_name:user_name, password:password, info:info}));

Its corresponding curl statement is something like this:

curl -X POST https://website.com/api/v1/users/sendInfo -d '{ username:"username", password:"password", info: "Lot's of info" }' --header "Content-type: application/json

But, this is not as secure as we want. I was told to mirror the curl command below:

curl --basic -u username:password  -d '{ "info": "Lot's of info" }'

But, one cannot just write curl into javascript. If someone could either supply javascript that acts like this curl statement or explain exactly what is going on in that basic option of the curl script I think that I could progress from there.

Igor Raush · Accepted Answer

The curl command is setting a basic Authorization header. This can be done in JavaScript like

var url = "https://webiste.com/api/v1/users/sendInfo",
    username = "...",
    password = "...";
xhr.open('POST', url, true, username, password);
xhr.send(...);

This encodes the username/password using base 64, and sets the Authorization header.

Edit As arcyqwerty mentioned, this is no more secure than sending username/password in the request body JSON. The advantage of using the basic authentication approach is that it's a standard way of specifying user credentials which integrates well with many back-ends. If you need security, make sure to send your data over HTTPS.

Curl to Javascript

Answers (2)

Related Questions