In our site certain pages use SSL, most pages however don't (as they need to be crawled by web bots).
It pretty much boils down to any page where the user is logged in, with a few exceptions is under SSL,
But the user first has to login from a non https page (The login form is a form that drops from the top of the screen on any page).
So,
How can I force the requests over ajax to use SSL?
Is this even secure?
It violates JavaScript's same-origin policy, because it doesn't see the HTTPS URL as being from the same source as the HTTP URL. You can get around this by using JSONP or setting a Access-Control-Allow-Origin
header in the response from the web service. Many web services will be setup to do this already.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With