Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
673 views
in Technique[技术] by (71.8m points)

ajax - JavaScript cross-domain call: call from HTTP to HTTPS

I need to make an asynchronous call to a secure (HTTPS) URL for the same domain.

Currently the page is working with regular HTTP (non-secure).

In other words: this is calling an URL in the same domain but using HTTPS.

Before switching this calls to HTTPS I ended implementing a server-side proxy to allow cross-domain AJAX calls, but now I'm facing same origin policy since HTTP and HTTPS are considered different origins too. So this proxy is unusable.

Summary: how to do cross-domain, asnynchronous POST requests in this scenario?

Various notes:

  • I couldn't accept any answer suggesting JSONP. Asynchronous calls must be using POST verb.
  • I'm using latest version of jQuery. Answer could be based on this library, or any other solving this problem.
  • Accessing the entire page over HTTPS isn't a solution.
  • Server platform is Microsoft .NET 4.0 (ASP.NET 4.0).
  • UDPATE: CORS isn't an option. There's no wide support for this in modern browsers.
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

First of all, I've +1 both questions from @missingo and @PiTheNumber.

After spending a lot of hours, I've arrived to the conclusion I'm going to switch the entire page to HTTPS. That's because:

  • Most moderns browsers support CORS, but Internet Explorer, starting from 8th version has a proprietary implementation (XDomainRequest object), which may be disabled in some computers (mine had cross-domain request disabled by default in Internet security zone).

    • Opera doesn't support CORS. 12th version will support it, but this isn't an option as users should adopt this new version first, and this won't be in 2 days.

    • I need to do cross-domain requests since Web client application must request a RESTful service layer located in another domain. No way.

    • Switching everything to HTTPS makes the service layer proxy approach work again (this is the expected behavior).

Thanks anyway because both answer have helped me a lot for arriving to this conclusion.

UPDATE

@Sam has added a comment that could be interesting for anyone. It's about how to get CORS in Internet Explorer 8 and 9 (see #7): http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...