XMLHttpRequest (XHR)

XMLHttpRequest (XHR) objects are used to interact with servers. You can retrieve data from a URL without having to do a full-page refresh. This enables a Web page to update just part of a page without disrupting what the user is doing.

XHR requests might be done silently without causing the browser to refresh/redirect, hence when multiple auto-login credentials are found, they might not be displayed on the page making users to think the page is unresponsive. To tackle this issue, HTTP Proxy intercepts XHR requests and displays the credentials on a pop-up after the XHR response is retrieved with multiple credentials (HTTP 409-Conflict).

http.response.modification.post.url and http.response.modification.replacer.value

Element Type Properties should be set for the intended devices to enable that feature. http.response.modification.post.url must point to either a JS or HTML resource on the page where the login is performed. When HTTP Proxy matches the resource pointed by http.response.modification.post.url value, it will make the injection to intercept XHR requests. In addition, http.response.modification.replacer.value value must be set to the constant value ${scAutoLogin} which will cause the actual injection for displaying the multi-credential pop-up.

The first sample properties for the Kron PAM portal login page (HTML resource) are as follows:

The second sample properties for the Kron PAM portal login page (JS resource) are as follows:



The second sample properties for the Kron PAM portal login page (JS resource) are as follows: