471,624 Members | 1,767 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,624 software developers and data experts.

AJAX and HTTPS

Hi,

Can anyone confirm is AJAX request can be sent over HTTPS if the
containing page is loaded via HTTPS? or is it true that all AJAX
interaction take place via HTTP? (Since the name of the class is
XMLHttpRequest and not XMLHttpsRequest)

Thanks,
Sameer

Feb 20 '06 #1
3 90574
sa******@gmail.com wrote:
Can anyone confirm is AJAX request can be sent over HTTPS if the
containing page is loaded via HTTPS? or is it true that all AJAX
interaction take place via HTTP? (Since the name of the class is
XMLHttpRequest and not XMLHttpsRequest)


First, there is no such thing as an "AJAX request". What is referred to
by the AJAX (commercial) buzzword now is still merely a well-known XML HTTP
request, i.e. a HTTP request initiated through a host object, implementing
an interface specified in or provided by the MSXML API, and the evaluation
of the corresponsing HTTP response through it. Hence the name of the MSXML
interface, IXMLHTTPRequest, and the host object that implements it.

Second, HTTPS is not another protocol, it is merely HTTP over an SSL/TLS-
encrypted connection. Since that encryption works transparent to the user
agent and so to the object described above, it should be entirely possible
to issue an HTTP request over that connection using that object, too, the
proper protocol part of the request URI ("https:") provided.

Since it works from location-bar script code --

javascript:var x = new XMLHttpRequest(); x.open('GET',
'https://bugzilla.mozilla.org/duplicates.cgi?sortby=delta&reverse=1&maxrows=100& changedsince=30');
x.onreadystatechange = function() { if (x.readyState == 4 && /^2
0/.test(x.status)) alert(x.responseText); }; void(x.send(null));

-- on <URL:https://bugzilla.mozilla.org/> in Firefox 1.5.0.1/Linux, you
should just give it a try.
HTH

PointedEars
Feb 20 '06 #2
Thomas 'PointedEars' Lahn wrote:
Since it works from location-bar script code --

javascript:var x = new XMLHttpRequest(); x.open('GET',
'https://bugzilla.mozilla.org/duplicates.cgi?sortby=delta&reverse=1&maxrows=100& changedsince=30'); x.onreadystatechange = function() { if (x.readyState == 4 && /^2
0/.test(x.status)) alert(x.responseText); }; void(x.send(null));


Grmbl. Someone[tm] stole the "|" from my original test code.
Should have been:

javascript:var x = new XMLHttpRequest(); x.open('GET',
'https://bugzilla.mozilla.org/duplicates.cgi?sortby=delta&reverse=1&maxrows=100& changedsince=30');
x.onreadystatechange = function() { if (x.readyState == 4 &&
/^2|0/.test(x.status)) alert(x.responseText); }; void(x.send(null));

The first version would work here too, because the status code of an
expected response would be within the 20x range. However, the second
version is more generic and handles requests on non-HTTP(S) resources,
too (which is not necessary here, though). See also

<URL:http://msdn.microsoft.com/library/en-us/xmlsdk/html/f6de15fc-72e9-418e-b275-d94b0b2045de.asp>
and
<URL:http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html>
(or <URL:http://www.rfc-editor.org/rfc/rfc2616.txt>)
PointedEars
Feb 20 '06 #3
Thomas 'PointedEars' Lahn wrote:
<snip>
... . Since that encryption works transparent to the user
agent and so to the object described above, it should be
entirely possible to issue an HTTP request over that
connection using that object, too, the proper protocol
part of the request URI ("https:") provided.

<snip>

Just to be absolutely unambiguous; XML HTTP requests work over https
exactly as they do over http. If they did not our QA department would
have said something by now as they test over https almost exclusively,
and our web applications use web services (and so XML HTTP requests) so
extensively that they would not do much if they did not work.

Richard.
Feb 20 '06 #4

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

gregerly
1 post views Thread by gregerly | last post: by
1 post views Thread by XIAOLAOHU | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.