Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

JavaScript cross-domain call: call from HTTP to HTTPS

Tags:

javascript

ajax

http

cross-domain

.net-4.0

I need to make an asynchronous call to a secure (HTTPS) URL for the same domain.

Currently the page is working with regular HTTP (non-secure).

In other words: this is calling an URL in the same domain but using HTTPS.

Before switching this calls to HTTPS I ended implementing a server-side proxy to allow cross-domain AJAX calls, but now I'm facing same origin policy since HTTP and HTTPS are considered different origins too. So this proxy is unusable.

Summary: how to do cross-domain, asnynchronous POST requests in this scenario?

Various notes:

  • I couldn't accept any answer suggesting JSONP. Asynchronous calls must be using POST verb.
  • I'm using latest version of jQuery. Answer could be based on this library, or any other solving this problem.
  • Accessing the entire page over HTTPS isn't a solution.
  • Server platform is Microsoft .NET 4.0 (ASP.NET 4.0).
  • UDPATE: CORS isn't an option. There's no wide support for this in modern browsers.
like image 381
Matías Fidemraizer Avatar asked Dec 07 '11 11:12

Matías Fidemraizer

People also ask

Can you call HTTP from HTTPS?

No way. Switching everything to HTTPS makes the service layer proxy approach work again (this is the expected behavior).

Does CORS work with HTTPS?

CORS requests may only use the HTTP or HTTPS URL scheme, but the URL specified by the request is of a different type. This often occurs if the URL specifies a local file, using the file:/// scheme.

What are cross-domain requests?

About cross-domain request enforcement. Cross-Origin Resource Sharing (CORS) is an HTML5 feature that enables one website to access the resources of another website using JavaScript within the browser.

What is cross-domain request in JavaScript?

Cross-Domain JavaScript Requests allow developers to work around security restrictions that would prevent an application from contacting Places (Search) API directly. For example, certain location information might not be retrievable without enabling this method.

1 Answers

First of all, I've +1 both questions from @missingo and @PiTheNumber.

After spending a lot of hours, I've arrived to the conclusion I'm going to switch the entire page to HTTPS. That's because:

  • Most moderns browsers support CORS, but Internet Explorer, starting from 8th version has a proprietary implementation (XDomainRequest object), which may be disabled in some computers (mine had cross-domain request disabled by default in Internet security zone).

    • Opera doesn't support CORS. 12th version will support it, but this isn't an option as users should adopt this new version first, and this won't be in 2 days.

    • I need to do cross-domain requests since Web client application must request a RESTful service layer located in another domain. No way.

    • Switching everything to HTTPS makes the service layer proxy approach work again (this is the expected behavior).

Thanks anyway because both answer have helped me a lot for arriving to this conclusion.

UPDATE

@Sam has added a comment that could be interesting for anyone. It's about how to get CORS in Internet Explorer 8 and 9 (see #7): http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx

like image 68
Matías Fidemraizer Avatar answered Sep 18 '22 04:09

Matías Fidemraizer
Sign in to Comment

Related questions

Ng-repeat on integer value
How do I get the value of an input element using angular.element('#id')
Ignored call to 'alert()'. The document is sandboxed, and the 'allow-modals' keyword is not set
JS Promises: Fulfill vs Resolve
Multiple schema references in single schema array - mongoose
javascript create file list object from list of files [duplicate]
How to set a default value for a Flow type?
PhantomJs: Can't find variable map
Why is var not deprecated?
FlatList vs map react-native
javascript es6 import "expects exactly one argument"
Video and z-index inside scaled element: some divs disappear
Select attributes on repository.find() with relations (TypeORM)
how to prevent checkbox check when clicking on link inside label
How can I mimic text-overflow: ellipsis in Firefox?
Can we insert javascript into any webpage loaded in the browser
YUI remove javascript comments
How to match multiple words in regex
Override default behavior of comparison operators in JavaScript
Get cursor or text position in pixels for input element

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!