In JavaScript you can check whether the url/website accessed is over Http or Https, via 2 ways
window.location.protocol which returns http: or https:
window.isSecureContext which returns true for https and false for http.
I know that window.isSecureContext is non-standardised. But lets say I know it is available at the client browser.
Then,
https: while second says false or other way around.From https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts :
A context will be considered secure when it's delivered securely (or locally), and when it cannot be used to provide access to secure APIs to a context that is not secure. In practice this means that for a page to have a secure context, it and all the pages along its parent and opener chain must have been delivered securely.
For example, a page delivered securely over TLS is not considered a secure context if it has a parent or ancestor document that was not delivered securely, since otherwise the page would then be able to expose sensitive APIs to the non-securely delivered ancestor via postMessage messages. Similarly, if a TLS delivered document is opened in a new window by an insecure context without noopener being specified then the opened window is not considered to be a secure context (since the opener and opened window could communicate via postMessage).
Locally delivered files such as http://localhost and file:// paths are considered to have been delivered securely.
(Emphasis mine)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With