Individual XmlHttpRequest requests over HTTPS??

Hi,

I have a page that makes many XmlHttpRequest requests from a single
page. This works fine but I need some requests to be made over a
secure connection. To my understanding, when setting the location of
the path to the file to fetch during the XmlHttpRequest request it has
to be the path relative to the web page such as /secret.php and
NOT a full URL such as https://www.example.com/secret.php .. is this
about the general idea?? Would I be correct in saying that the only
way I can make secure requests is by making the whole page HTTPS?? The
only problem for me with this is that every transfer from the server
(images, non-private data, etc.) would have to be over HTTPS, which puts
some excess strain at the backend when only a small portion of data
needs to be protected.

Can anyone make any suggestions that might help me solve this issue?
Thanks

Burnsy
Jun 27 '08 #1
On May 29, 12:03 pm, bizt wrote:
> Hi,
>
> I have a page that makes many XmlHttpRequest requests from a
> single page. This works fine but I need some requests to be
> made over a secure connection. To my understanding, when
> setting the location of the path to the file to fetch during
> the XmlHttpRequest request it has to be the path relative
> to the web page such as /secret.php and NOT a full URL such
> as https://www.example.com/secret.php.. is this about the
> general idea??

No, the URL used with XML HTTP request objects may be absolute or
relative.

> Would I be correct in saying that the only way I can make
> secure requests is by making the whole page HTTPS??

Yes, but not for any reason related to the form of the URL, but rather
because a page originating from one domain may not make XML HTTP
requests to another domain (and http: and https: domains cannot be the
same domain).

> The only problem for me with this is that every transfer
> from the server (images, non-private data, etc.) would
> have to be over HTTPS, which puts some excess strain at
> the backend when only a small portion of data needs to be
> protected.

Yes, there is an overhead in HTTPS.

> Can anyone make any suggestions that might help me solve
> this issue?

It is going to be important to encourage the client-side caching of
everything that can be (safely) cached, such as images and JS files.
Over an HTTPS connection the browser is very likely to default to
considering everything it receives as 'private' (and so non-cacheable
(which makes sense if a secure protocol is in use)) unless it receives
HTTP headers that positively assert otherwise.
Jun 27 '08 #2
Henry wrote:
> On May 29, 12:03 pm, bizt wrote:
>> I have a page that makes many XmlHttpRequest requests from a
>> single page. This works fine but I need some requests to be
>> made over a secure connection. To my understanding, when
>> setting the location of the path to the file to fetch during
>> the XmlHttpRequest request it has to be the path relative
>> to the web page such as /secret.php and NOT a full URL such
>> as https://www.example.com/secret.php.. is this about the
>> general idea??
>
> No, the URL used with XML HTTP request objects may be absolute or
> relative.

However, since XHR does not allow accessing another domain from within the
sandbox, the set of reasonable uses of (absolute) URIs (in contrast to
relative URI-references, commonly called "relative URIs") there is rather
limited.

>> Would I be correct in saying that the only way I can make
>> secure requests is by making the whole page HTTPS??
>
> Yes, but not for any reason related to the form of the URL, but rather
> because a page originating from one domain may not make XML HTTP
> requests to another domain (and http: and https: domains cannot be the
> same domain).

http: and https: domains can be the same domain, of course. However, the
Same Origin Policy considers them to be of different origin even if the
domain is the same, because at least the URI scheme (and so supposedly, here
actually, the transfer protocol) is not.

PointedEars
--
Anyone who slaps a 'this page is best viewed with Browser X' label on
a Web page appears to be yearning for the bad old days, before the Web,
when you had very little chance of reading a document written on another
computer, another word processor, or another network. -- Tim Berners-Lee
Jun 27 '08 #3
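
The same-origin comparison described in the replies above, as an added JavaScript example that is not part of the original thread: the URL given to the request is resolved against the page URL, then scheme, host and port are compared. It models only the origin comparison the replies describe; the function names and sample URLs are constructed for illustration.

```javascript
// Added example (not from the thread). An origin is (scheme, host, port);
// a request is same-origin only if all three match the page's origin.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Origin tuple of an absolute URL, with the scheme's default port made explicit.
function originOf(absoluteUrl) {
  const u = new URL(absoluteUrl);
  return {
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// Resolve the URL passed to the request against the page URL and compare origins.
// A relative reference such as /secret.php inherits the page's scheme, so it is
// only sent over TLS when the page itself was loaded over https:.
function checkXhrTarget(pageUrl, requestUrl) {
  const resolved = new URL(requestUrl, pageUrl);
  const page = originOf(pageUrl);
  const target = originOf(resolved.href);
  const differs = ["scheme", "host", "port"].filter((k) => page[k] !== target[k]);
  return {
    resolved: resolved.href,
    sameOrigin: differs.length === 0,
    differs,                                  // which origin components differ
    encrypted: resolved.protocol === "https:",
  };
}

// Constructed sample cases: [page URL, URL given to the request].
const cases = [
  ["http://www.example.com/index.html", "/secret.php"],
  ["http://www.example.com/index.html", "https://www.example.com/secret.php"],
  ["https://www.example.com/index.html", "/secret.php"],
  ["https://www.example.com/index.html", "https://www.example.com:8443/secret.php"],
];
for (const [page, req] of cases) {
  const r = checkXhrTarget(page, req);
  console.log(`${page} -> ${req}: sameOrigin=${r.sameOrigin} ` +
              `encrypted=${r.encrypted} differs=[${r.differs.join(",")}]`);
}
```
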
