I'm developing a widget that uses an XMLHttpRequest object to poll
Gmail's secure RSS feed. (This feed returns summary information about
all the unread messages in your inbox.) The one thing that's
preventing me from releasing my widget is weird behavior in the way
Dashboard (or Web Core?) treats an XMLHttpRequest over HTTPS. Here's
the relevant code snippet:
var userId = getUserId(); // from widget preferences
var password = getPassword(userId); // from keychain
req = new XMLHttpRequest();
req.setRequestHeader("Cache-Control", "no-cache");
req.open("GET","https://"+userId+":"+password+"@gmail.google.com/gmail/feed/atom";,
true);
req.onreadystatechange = processReqChange;
req.send(null);
Here's what I've been seeing:
- The request may or may not work. When it does work, the first time a
Keychain dialog box asks if "DashboardClient" is allowed to see the
Internet password for google.com. The odd thing is that the prompt
doesn't always come up.
- When it does work, Dashboard "hangs on" to the username/password
combo. E.g., suppose you authenticate as "joe/password", subsequent
XMLHttpRequests will use this identity even if the username/password
changes! I would change to a new user (my debugging output proved that
my code was doing the right thing) but still get the previous user's
feed. I know it isn't a page caching issue because I am seeing the
latest feed info--just not for the right user. In fact, once Dashboard
becomes fixated, I can't seem to get it to respect any userId/password
I pass it.
I'm hoping someone can shed some light as to what's going on here. If
I'm seeing a bug, are there workarounds? I'm not averse to writing
native code as I'm already using a plugin to interface w/ Keychain.
Thanks in advance!
--Ed Lau
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Dashboard-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/dashboard-dev/email@hidden
This email sent to email@hidden
