Form submit via AJaX from HTTP to HTTPS

Hello, all,

I’m trying to submit form data from HTTP to HTTPS via AJaX on the same domain. However, I’m triggering CORS error messages in FF and IE10. I have done some research and understand that crossdomain.xml might be a workaround. However, network security is ultra-tight around here, and that may not be allowed.

What are other options for getting AJaX form data from HTTP to HTTPS on the same domain?

EDIT: Something that does not require the form to be loaded in HTTPS?

V/r,

:slight_smile:

So far, the response from network security has been that crossdomain.xml will not be allowed if any wildcards are used.

I replied, asking if it would be allowed if the domain were set without wildcards. No response, yet.

So… if it isn’t allowed, has anyone successfully connected an HTTP form to an HTTPS process via AJaX without using crossdomain.xml and without loading the form in an HTTPS page?

V/r,

:slight_smile:

Anyone?

that’s because you’re using different protocols and thus violating SOP, resulting in a CORS issue.

crossdomain.xml - from what I’ve read that’s mostly related to Flash. eventually, CORS must (also) be enabled on the server.

I am aware of this. I don’t completely understand why; seems to me that if it’s the same domain, it’s the same domain, regardless of protocol. But I do know that things like session variables don’t work because the browser will create a new session between http and https.

This I was not aware of. In the reading I’ve done, so far, I don’t remember seeing anything about this being only Flash. I assumed that the crossdomain.xml would work for everything. If enabling CORS is the only fix, I’m pretty much boned as far as AJaX goes.

Thank you for replying.

V/r,

:slight_smile:

(from Wikipedia)

The algorithm used to calculate the “origin” of a URI is specified in RFC 6454, Section 4. For absolute URIs, the origin is the triple {protocol, host, port}

as you can see, the origin is not the same as the domain.

1 Like

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.