Ajax - JavaScript cross-domain call call from HTTP to HTTPS

De openkb
Aller à : Navigation, rechercher

Sommaire

Questions

I need to make an asynchronous call to a secure (HTTPS) URL for the same domain.

Currently the page is working with regular HTTP (non-secure).

In other words: this is calling an URL in the same domain but using HTTPS.

Before switching this calls to HTTPS I ended implementing a server-side proxy to allow cross-domain AJAX calls, but now I m facing same origin policy since HTTP and HTTPS are considered different origins too. So this proxy is unusable. 

  Summary: how to do cross-domain, asnynchronous POST requests in this scenario?

Various notes:

    • I couldn t accept any answer suggesting JSONP. Asynchronous calls must be using POST verb.
    • I m using latest version of jQuery. Answer could be based on this library, or any other solving this problem.
    • Accessing the entire page over HTTPS isn t a solution.
    • Server platform is Microsoft .NET 4.0 (ASP.NET 4.0).
    • UDPATE  : CORS isn t an option. There s no wide support for this in modern browsers.

Answers

First of all, I ve +1 both questions from @missingo and @PiTheNumber.

After spending a lot of hours, I ve arrived to the conclusion I m going to switch the entire page to HTTPS. That s because:

    • Most moderns browsers support CORS, but Internet Explorer, starting from 8th version has a proprietary implementation (XDomainRequest object), which may be disabled in some computers (mine had cross-domain request disabled by default in Internet security zone).
      • Opera doesn t support CORS. 12th version will support it, but this isn t an option as users should adopt this new version first, and this won t be in 2 days.
      • I need to do cross-domain requests since Web client application must request a RESTful service layer located in another domain. No way.
      • Switching everything to HTTPS makes the service layer proxy approach work again (this is the expected behavior).

Thanks anyway because both answer have helped me a lot for arriving to this conclusion.

UPDATE

http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx

Source

License : cc by-sa 3.0

http://stackoverflow.com/questions/8414786/javascript-cross-domain-call-call-from-http-to-https

Related

Récupérée de « http://openkb.fr/index.php?title=Ajax_-_JavaScript_cross-domain_call_call_from_HTTP_to_HTTPS&oldid=661 »
Outils personnels
Espaces de noms

Variantes
Actions
Navigation
Outils