Indeed there seems to be issue with the Browser 184.108.40.206 on passing username and password
What you can do to workaround this problem is to generate Authorization header by yourself.
xmlHttpReq.open("GET", url,true, user, pass); //does not work
You'll need base64 encoded username and password pair separated by semicolon. I was using following library and it worked OK.
Then in XMLHttpRequest set custom Authorization Header and declare it to be "Basic" type.
var auth = Base64.encode(user+':'+pass);
xmlHttpReq.setRequestHeader("Authorization", "Basic "+auth);
Please note that in URL authentication support was dropped intentionally. If your widget was using it, please start using the workaround.