tags:

views:

1281

answers:

3
+2  Q: 

HTTPS request via AJAX from HTTP page

Hello

Would there be any problems calling an HTTPS page (e.g. a credit card authorisation service i.e. WorldPay) from a standard HTTP page via AJAX?

I can't imagine why there would be a problem, the response would be an HTML page which I could then embed in a result pane or such like?

+8  A: 

Yes this would be a Cross domain posting and would be blocked by the browser.

AnthonyWJones  2009-06-18 14:00:54
and the reason browsers do this is because if users see https:// in their address bar (along with the lock symbol or whatever depending on browser), they have a different expectation of security and privacy than if it is http://. In fact, if I was at your site and I was asked for credit card verification on a page that was http://, I would leave (even if the form or ajax involved used https). Even Verisign had a page set up this way once, but it is bad form...
larson4  2009-06-18 14:06:32
Would it really be blocked though? http://domscripting.com/blog/display/91Not saying it's a good idea - I agree with ferocious - but just need to be prepared!
Duncan  2009-06-18 14:51:04
@Duncan: yes, its highly unlikely the hacks suggested in that article would be supported by a site like WorldPay. The only sensible options are a secure server-to-server exchange or a framed form supplied directly from the payment site (ala the VISA verfication thing that is quite common these days).
AnthonyWJones  2009-06-18 15:31:56
A: 

Anthony is right, but what you could do is create a local page the AJAX calls and that communicates with the HTTPS service via cURL or something else and returns. That way everything is done locally according to Java script.

Ólafur Waage  2009-06-18 14:12:12
Of course, since (in this case) this would involve credit card details being sent across the network in the clear, you absolutely should not do this.
David Dorward  2009-06-18 14:15:56
Ofcourse .
Ólafur Waage  2009-06-18 14:17:28
A: 

hello im kurt, a php programmer, i have set up our site to https and requesting a file(http) using ajax but the request is unsuccessful? im a newbie can you help me what is the problem or can you identify at least the reasons.

thank you very much

Joseph Kurt  2010-01-29 12:05:48
Hi, welcome at Stackoverflow! Please don't post questions as answers :) You can post questions as questions by pressing `Ask Question` button at the right top. Feel free to include links to topics you found in search, but didn't help in answering your own question.
BalusC  2010-01-29 12:09:13

related questions

How do HttpOnly cookies work with AJAX requests?
ASP.NET JavaScript Callbacks Without Full PostBacks?
How to set encoding in .getJSON JQuery
Suggestions on Ajax development environment for PHP
Need to test an ajax timeout condition
XmlHttpRequest return values
Adobe AIR: Handling JSON objects from server
Best framework for implementing iGoogle or pageflakes (ASP.NET)
Is there some way to PUSH data from web server to browser?
Are there reasons not to use JSONP for AJA~X requests?
Minimize javascript HTTP calls from AjaxControlToolkit controls?
Only accepting certain ajax requests from authenticated users
ASP.net AJAX Drag/Drop?
Scrolling Overflowed DIVs with JavaScript
Speeding up an ASP.Net Web Site or Application
ICE Faces fileInput file path and file name properties
Ajax project suggestion.
Graphing JavaScript Library
Debugging: IE6 + SSL + AJAX + post form = 404 error
Best ajax library for Sharepoint
Can ASP.NET AJAX partial rendering work inside a SharePoint 2007 application page?
What is Progressive Enhancement?
Tracking state using ASP.NET AJAX / ICallbackEventHandler
Easy way to AJAX WebControls
Modify Address Bar URL in AJAX App to Match Current State