After Enable Opener, I have a rule set that identifies files that are PDF (or whatever) uploads and sets a specific user-defined property. I can use that property to completely block the connection or to pop up an authentication dialog in the next rule set, but what I want to do is return a notification page to the client that requests that they authenticate before proceeding. Once they authenticate, redirect the connection back to the original POST URL or to a point where they can resubmit the upload.
For something like gmail attachments, a Block page won't display the page to the client and Authenticate would pop up an authentication dialog, but I want to give the user context so that they know what credentials they should use to authenticate. Seems to me that this might be possible by using a Redirect to a Block page with an option to authenticate, but I haven't yet found the right combination of rules.
Is this possible?
Because the POST request actually doing the upload is done by the site's AJAX script using the XMLHttpRequest object, you cannot break out of that communication context and get to an HTML renderable window.
OK, yeah, that makes sense now. Duh. I looked at the connection today and I could see the 302 coming back to the browser and being ignored.
IIRC, the issue with transparent access and 401 unauthorized without an intermediate 302 of some sort is that the client is authenticating for the specific destination so if you tried to do Authentication.Authenticate<whatever> for all situations, the client would have to reauthenticate for each destination domain.
Might be workable for a specific situation such as gmail.I tested for that use case and it works as needed. There is a prior rule after Enable Opener that sets a user-defined property if a specific criteria is met. Authentication rule looks like this:
|Big Upload Authentication|
Applies to Requests: False / Responses: False / Embedded Objects: True
1: Cycle.TopName equals "Request"