If I created an HTML/jQuery widget that was meant to be placed on 3rd party websites (where users are expected to have extremely low technical knowledge and are probably lacking an SSL certificate) and used jQuery to AJAX POST the information of the widget to a secure URL, the information posted would be secured properly, correct?
Edit: Can anyone elaborate on the same origin policy / implications of having a site that has no SSL certificate in regards to it?
post() methods provide simple tools to send and retrieve data asynchronously from a web server. Both the methods are pretty much identical, apart from one major difference — the $.get() makes Ajax requests using the HTTP GET method, whereas the $.post() makes Ajax requests using the HTTP POST method.
You cannot make an AJAX request to an https page if you are currently in http because of the Same Origin Policy. The host, port and scheme (protocol) must be the same in order for the AJAX request to work.
This illustrates the thing about AJAX security: since it is code which runs on the client side, whatever it does cannot be trusted by the server, even if the user is duly authenticated (knowing who does it does not make it automatically legitimate).
post is a shorthand way of using $.ajax for POST requests, so there isn't a great deal of difference between using the two - they are both made possible using the same underlying code.
The data would be secure in transit, but the page making the request could be intercepted and modified before reaching the client, so the request could be diverted or modified. (Simple case - make two requests instead of one, one to the secure server and one to a hacker's server)
If you want security then you need to have both the page performing data collection/submission and the page processing the data passed over SSL.
(You would also have to deal with the issue of Same Origin Policy.)
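The checks discussed in the answers above, as an added example that is not part of the original posts: it compares the scheme, host and port of the embedding page and the POST endpoint, and reports separately whether the POST is encrypted in transit and whether the page carrying the widget script is itself delivered over HTTPS. The function names and the `.example` URLs are assumptions made for illustration.

```javascript
// Added example: hypothetical helper names, constructed URLs.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Return the (scheme, host, port) triple that the Same Origin Policy compares.
function originTriple(rawUrl) {
  const u = new URL(rawUrl);
  if (!(u.protocol in DEFAULT_PORTS)) {
    throw new Error("unsupported scheme: " + u.protocol);
  }
  // URL.port is "" when the URL uses the default port for its scheme.
  const port = u.port || DEFAULT_PORTS[u.protocol];
  return { scheme: u.protocol, host: u.hostname.toLowerCase(), port };
}

// True only when scheme, host and port all match.
function sameOrigin(a, b) {
  const x = originTriple(a);
  const y = originTriple(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Assess a widget POST sent from the embedding page to the collection endpoint.
function assessWidgetPost(pageUrl, endpointUrl) {
  const page = originTriple(pageUrl);
  const endpoint = originTriple(endpointUrl);
  const result = {
    transitEncrypted: endpoint.scheme === "https:", // POST body protected on the wire
    pageIntegrity: page.scheme === "https:",        // widget script protected on the wire
    sameOrigin: sameOrigin(pageUrl, endpointUrl),
    findings: [],
  };
  if (!result.transitEncrypted) {
    result.findings.push("POST body is not encrypted in transit");
  }
  if (!result.pageIntegrity) {
    result.findings.push("embedding page can be modified in transit before the POST is sent");
  }
  if (!result.sameOrigin) {
    result.findings.push("request is cross-origin (scheme, host or port differs)");
  }
  return result;
}

// Constructed case from the question: widget on an HTTP site, HTTPS endpoint.
console.log(assessWidgetPost("http://shop.example/page", "https://collect.example/submit"));
```
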