Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

JQuery.ajax not using HTTPS

So, I am calling a web service from jQuery using the .ajax method. The page that is calling the method is an HTTPS/SSL page, yet when the call is made, jQuery keeps making an HTTP request and it is failing because the server is set up to redirect all HTTP traffic to HTTPS...so a 301 error is coming back.

I have inspected my code a million times and tried a million ways to generate the url parameter for the ajax query. (using // for relative and now just appending the protocol https to the beginning of the url. Here is my javascript:

function add_inbound_record(serial_number, pass_fail_value)
{
   pfv = pass_fail_value.toUpperCase();
   url = location.protocol + "//" + location.hostname + "/inbound/record-                 inspection/" + serial_number + "/" + pfv;
   $.ajax({
   url:url,
   cache:false,
   });
}

So, when this code executes, I check the url paramter in firebug and it shows up correctly with https and the URL properly formed. However, when I execute the ajax function I see this in firebug:

301 MOVED PERMANENTLY

192.168.1.9

20 B

192.168.1.9:443

Response Headersview source
Connection  keep-alive
Content-Encoding    gzip
Content-Length  20
Content-Type    text/html; charset=utf-8
Date    Wed, 24 Oct 2012 17:33:34 GMT
Location    http://192.168.1.9/inbound/record-inspection/011234567890123421000000002995/P/?_=1351100020609
Server  nginx/1.1.19
Vary    Accept-Encoding

Request Headersview source
Accept  */*
Accept-Encoding gzip, deflate
Accept-Language en-us,en;q=0.5
Connection  keep-alive
Cookie  djdt=hide; csrftoken=sF9RUxrlS6IKURxOryH2d2yT05gMighn;         sessionid=9682390da4011e445931643c81be9aae
Host    192.168.1.9
Referer https://192.168.1.9/fingerprint/inspect/
User-Agent  Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:15.0) Gecko/20100101     Firefox/15.0.1
X-Requested-With    XMLHttpRequest

As you can see above from the referrer, the protocol is HTTPS yet the location in the response header is HTTP? I can't for the life of me figure out why the request is going across the wire as HTTP and not HTTPS. The 301 response is accurate considering it is going as HTTP since, again, the webserver is configured to only allow HTTPS access. Any ideas?

like image 991
Rob Avatar asked Oct 24 '12 17:10

Rob


People also ask

Does AJAX work with https?

You cannot make an AJAX request to an https page if you are currently in http because of the Same Origin Policy. The host, port and scheme (protocol) must be the same in order for the AJAX request to work.

How does AJAX work in jQuery?

What About jQuery and AJAX? jQuery provides several methods for AJAX functionality. With the jQuery AJAX methods, you can request text, HTML, XML, or JSON from a remote server using both HTTP Get and HTTP Post - And you can load the external data directly into the selected HTML elements of your web page!

How does AJAX return an API call?

ajax returns immediately and the next statement, return result; , is executed before the function you passed as success callback was even called.


2 Answers

Ok. I messed with this for over 4 hours and as soon as I added a slash to the end of the URL, the issue went away and everything works fine. I have no idea why. The web server/web service does not require a slash to function correctly but for whatever reason, that's what "fixed" it. Thanks for the helpful comments guys.

like image 166
Rob Avatar answered Oct 02 '22 07:10

Rob


I was also very upset regarding the same problem. I was sending the ajax request from my ssl page as follows:

$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || 

$_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://";

<script type="text/javascript">
    $.ajax({ 
          url: "<?php echo $protocol.$_SERVER['HTTP_HOST'].$this->url(array("action"=>"autocomplete", "controller"=>"ajax", "module"=>"default"));?>",
                    data: { term: $("#keyword").val()},
                    dataType: "json",
                    type: "POST",
                    success: function(data){
                        response(data);
                    }
                });

</script>

The problem was that, request header shows that the referer page is an ssl page but the response header shows the location an "http" page as in above Rob's code printscreen.

I came to know that each and every time when you make an ajax request from an ssl page response came to the same page i.e. for ssl page and when you make the ajax request from non-ssl page by the response will came for the same i.e. non-ssl page. This is the default rule for ajax request and response.

I think, definitely there must be a problem from my code side which force to make response from http while sending from https. Exactally, my suspicion was right. Actually there was a default code which force to redirect to response to http page instead of https. I am sharing the previous code:

    class Custom_Customplugins extends Zend_Controller_Plugin_Abstract
    {
        public function preDispatch(Zend_Controller_Request_Abstract $request)
        {
        $action = $request->getActionName();
        $controller = $request->getControllerName();
        $module = $request->getModuleName();

        $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://";
        $host = $_SERVER['HTTP_HOST'];
        if($host != "www.xyz.com")
        {
            if($protocol == "http://")
            {

            }
        }
        else
        {
            $r = new Zend_Controller_Action_Helper_Redirector();
            $u = new Zend_Controller_Action_Helper_Url();
            if(
            ($action == "index" && $controller == "index" && $module == "default") 
            || ($action == "login" && $controller == "index" && $module == "default")
            || ($action == "businessownerregistration" && $controller == "index" && $module == "default")
            || ($action == "customerregistration" && $controller == "index" && $module == "default")
            || ($action == "index" && $controller == "changepwd" && $module == "admin") 
            || ($action == "index" && $controller == "businessowner" && $module == "businessowner") 
            || ($action == "changepwd" && $controller == "serviceprovider" && $module == "businessowner")
            || ($action == "index" && $controller == "customer" && $module == "default")    
              )
            {
            if($protocol == "http://")
            {
                $r->gotoUrl('https://'.$host.$u->url(array("action"=>$action, "controller"=>$controller, "module"=>$module)))->redirectAndExit();
            }
            }
            else
            {
            if($protocol == "https://")
            {
                $r->gotoUrl('http://'.$host.$u->url(array("action"=>$action, "controller"=>$controller, "module"=>$module)))->redirectAndExit();
            }
            }
        }
        }
    }

After correction the code is:

<?php
    class Custom_Customplugins extends Zend_Controller_Plugin_Abstract
    {
        public function preDispatch(Zend_Controller_Request_Abstract $request)
        {
        $action = $request->getActionName();
        $controller = $request->getControllerName();
        $module = $request->getModuleName();

        $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://";
        $host = $_SERVER['HTTP_HOST'];
        if($host != "www.xyz.com")
        {
            if($protocol == "http://")
            {

            }
        }
        else
        {
            $r = new Zend_Controller_Action_Helper_Redirector();
            $u = new Zend_Controller_Action_Helper_Url();
            if(
            ($action == "index" && $controller == "index" && $module == "default") 
            || ($action == "login" && $controller == "index" && $module == "default")
            || ($action == "businessownerregistration" && $controller == "index" && $module == "default")
            || ($action == "customerregistration" && $controller == "index" && $module == "default")
            || ($action == "index" && $controller == "changepwd" && $module == "admin") 
            || ($action == "index" && $controller == "businessowner" && $module == "businessowner") 
            || ($action == "changepwd" && $controller == "serviceprovider" && $module == "businessowner")
            || ($action == "index" && $controller == "customer" && $module == "default")    
              )
            {
            if($protocol == "http://")
            {
                $r->gotoUrl('https://'.$host.$u->url(array("action"=>$action, "controller"=>$controller, "module"=>$module)))->redirectAndExit();
            }
            }
            else if(
                ($action == "autocomplete" && $controller == "ajax" && $module == "default")
                || ($action == "refreshcaptcha" && $controller == "index" && $module == "default")
               )
            {

            }
            else
            {
            if($protocol == "https://")
            {
                $r->gotoUrl('http://'.$host.$u->url(array("action"=>$action, "controller"=>$controller, "module"=>$module)))->redirectAndExit();
            }
            }
        }
        }
    }

?>

and now, my https page is working fine

like image 27
Jitendra Kumar Yadav Avatar answered Oct 02 '22 05:10

Jitendra Kumar Yadav