The first request must be sent to retrieve the domain component to send for HTTP authentication.

You can try using the 'credentials' method, and see if that'll prevent the extra request, but it'll make your client more fragile as it'll break if they change the domain, host, etc..