I believe that there's a number of questions here that cover similar areas, however, I couldn't find a concrete answer to my problem.
I am trying to programmatically (in Javascript) access an IP camera that is protected by basic HTTP authentication. My first attempt to achieve this was to add the credentials in the URL, but when this failed I read that browsers might strip the credentials for security reasons. I am on Chrome 90 and will see this as the benchmark required to work.
My next attempt was to do a GET request with an Authorization header field, placing the username and password there:
var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://myurl/');
xhr.setRequestHeader('Authorization', "Basic " + btoa("username:password"));
xhr.send();
This also fails, stating
[...] blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.
I don't have access to the server, so I cannot add any header fields. My next attempt was
var xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.open('GET', 'http://myurl/', true, username, password);
xhr.send();
which fails with the message
[...] blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
Again, I won't be able to manipulate this value.
Now I am stuck between all those methods, where each seems to fail for its own reason. Can anyone give me a crucial clue on how to achieve a basic HTTP authentication within the described environment? Or am I chasing a ghost here?
