Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is it possible to make a JSONP request from HTTPS to HTTP?

Tags:

javascript

jquery

jsonp

cross-domain

web-services

I know there is an almost duplicate question, but the answer is not satisfactory at all.

I need to do geocoding using the Openstreetmap service which runs over HTTP.

My site runs over HTTPS.

It seems impossible to do JSONP request from https to http, browser (Chrome) complains about insecure content.

Any solutions?

like image 771
Cranio Avatar asked Aug 31 '12 08:08

Cranio

People also ask

Can we send request from https to HTTP?

In order for something to redirect HTTPS to HTTP, something must be listening on the HTTPS port. Your client must first open a SSL/TLS connection to the port serving HTTPS, HTTP traffic is tunneled through the SSL/TLS connection and the server will respond with a redirect to the HTTP port.

What request does JSONP use?

JSONP stands for JSON with Padding. Requesting a file from another domain can cause problems, due to cross-domain policy. Requesting an external script from another domain does not have this problem. JSONP uses this advantage, and request files using the script tag instead of the XMLHttpRequest object.

Can JSONP be used with post request?

We can only use JSONP when: The API itself supports JSONP . It needs to return the JSON response wrapped in a function and it usually lets us pass in the function name we want it to use as one of the query params. We can only use it for GET requests, it doesn't work for PUT / POST / DELETE and so on.

How does JSONP request work?

It works by dynamically adding a <script> tag to the DOM and calling a predefined function with the remote web service's JSON data as the parameter. The <script> tag is not subject to the same origin policy and therefore can request content cross-domain.

2 Answers

The reason that the browser complains about insecure content is that the content is insecure. The entire purpose with a secure page is that all of it is secure, and can be trusted.

You can set up a proxy page in your secure site that requests the insecure content. There you should verify the content before it's sent to the browser, so that it is actually secure, not just pretending to be secure.

like image 126
Guffa Avatar answered Nov 14 '22 22:11

Guffa

If you want to make a POST request to an external service that runs under HTTP while the initial request is coming from HTTPS it will always be considered as insecure. There's, as far as I know, no way around it.

What you can do, is POST to your backend which send another POST request to the service that is running under HTTP. From there just return the value returned by the HTTP service.

like image 26
Jonas Geiregat Avatar answered Nov 14 '22 22:11

Jonas Geiregat
Sign in to Comment

Related questions

Difference between this.form and document.forms
Programmatically edit a Google doc with JavaScript
RegEx for 5 digit zip or empty
When should I use this.x vs var x?
Static variables with John Resig's simple class pattern?
how to stop hover effect for button in disable mode
javascript change form onsubmit dynamically
URL routing in Node.js
.back, and .pushState - a tale of two histories
AngularJS directive link function not working
Creating Object Key with jquery.each() loop
how to communicate through serial port on client side using javascript?
What is the correct way to "serialize" functions in javascript for later use
How to pass arguments to functions binded in events object in backbone.js
Javascript index of for multiple values
ExtJs inheritance behaviour
AngularJS Services (Update/Save)
Auto scroll top when page loaded using jQuery
D3 Bubble Chart
&& evaluation issue

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!