Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

jQuery ajax and SSL?

In our site certain pages use SSL, most pages however don't (as they need to be crawled by web bots).

It pretty much boils down to any page where the user is logged in, with a few exceptions is under SSL,

But the user first has to login from a non https page (The login form is a form that drops from the top of the screen on any page).

So,

How can I force the requests over ajax to use SSL?

Is this even secure?

like image 912
Hailwood Avatar asked Jun 20 '11 23:06

Hailwood


1 Answers

It violates JavaScript's same-origin policy, because it doesn't see the HTTPS URL as being from the same source as the HTTP URL. You can get around this by using JSONP or setting a Access-Control-Allow-Origin header in the response from the web service. Many web services will be setup to do this already.

like image 89
nzifnab Avatar answered Nov 12 '22 21:11

nzifnab