How to POST data to an HTTP page from an HTTPS page

views:

answers:

How to POST data to an HTTP page from an HTTPS page

I know this is a long shot, but I figured I'd ask the question anyway.

I have an HTTPS page and am dynamically creating a form. I want to POST the form to an HTTP page. Is this possible without the browser popping up a warning? When I do this on IE8, I get the following message:

Do you want to view only the webpage content that was delivered securely?

Essentially, I'm asking about the inverse of question 1554237.

+1 A:

Sadly, I know of absolutely no way to not get warned when posting from HTTPS to HTTP. If you serve the form securely, the browser expects to submit the data securely as well. It would surprise the user if anything else was possible.

sblom 2010-04-20 18:19:43

Nope, can't be done. Our good friend IE will always pop up that warning.

jvenema 2010-04-20 18:19:57

What happens if you try using ajax?

zaf 2010-04-20 18:23:26

Ajax won't work (creates a warning on the bottom of the page), but you can get around it, as I suggested.

Stefan Kendall 2010-04-20 18:34:27

Why down-vote? It is true, this cannot be done, see @sblom's post.

Nate Bross 2010-04-20 18:39:05

Seriously, what's up with the down vote? This isn't possible. The suggestion from Stefan is your only option, basically proxy the request, but that's not posting to an HTTP url, that's posting to an HTTPS url, and proxying the request to HTTP.

jvenema 2010-04-20 19:53:15

You can solve this by either acting as a proxy for the form destination yourself (i.e. let the form submit to your server which in turn fires a normal HTTP request and returns the response), or to let access the page with the form by HTTP only.

BalusC 2010-04-20 18:21:40

If you don't need to actually redirect to the insecure page, you can provide a web service (authenticated) that fires off the request for you and returns the data.

For example: From the authenticated page, you call doInsecure.action which you create as a web service over https. doInsecure.action then makes a manual POST request to the insecure page and outputs the response data.

Stefan Kendall 2010-04-20 18:33:57

You should be able to do this with the opensource project Forge, but it sounds like overkill. The Forge project provides a JavaScript interface (and XmlHttpRequest wrapper) that can do cross-domain requests. The underlying implementation uses Flash to enable cross-domain (including http <=> https) communication.

http://github.com/digitalbazaar/forge/blob/master/README

So you would load the Forge JavaScript and swf from your server over https and then do a Forge-based XmlHttpRequest over http to do the POST. This would save you from having to do any proxy work on the server, but again, it may be more work than just supporting the POST over https. Also, the assumption here is that there's nothing confidential in the form that is being posted.

dlongley 2010-09-03 02:21:34

ansaurus

tags:

views:

answers:

How to POST data to an HTTP page from an HTTPS page

related questions