Individual XmlHttpRequest requests over HTTPS??

Hi,

I have a page that makes many XmlHttpRequest requests from a single
page. This works fine but I need some requests to be made over a
secure connection. To my understanding, when setting the location of
the path to the file to fetch during the XmlHttpRequest request it has
to be the path relative to the web page such as /secret.php and
NOT a full URL such as https://www.example.com/secret.php .. is this
about the general idea?? Would I be correct in saying that the only
way I can make secure requests is by making the whole page HTTPS?? The
only problem for me with this is that every transfer from the server
(images, non-private data, etc) would have to be over HTTPS which puts
some excess strain at the backend when only a small portion of data
needs to be protected.

Can anyone make any suggestions that might help me solve this issue?
Thanks

Burnsy
Jun 27 '08 #1
On May 29, 12:03 pm, bizt wrote:
> Hi,
>
> I have a page that makes many XmlHttpRequest requests from a
> single page. This works fine but I need some requests to be
> made over a secure connection. To my understanding, when
> setting the location of the path to the file to fetch during
> the XmlHttpRequest request it has to be the path relative
> to the web page such as /secret.php and NOT a full URL such
> as https://www.example.com/secret.php.. is this about the
> general idea??

No, the URL used with XML HTTP request objects may be absolute or
relative.

> Would I be correct in saying that the only way I can make
> secure requests is by making the whole page HTTPS??

Yes, but not for any reason related to the form of the URL, but rather
because a page originating from one domain may not make XML HTTP
requests to another domain (and http: and https: domains cannot be the
same domain).

> The only problem for me with this is that every transfer
> from the server (images, non-private data, etc) would
> have to be over HTTPS which puts some excess strain at
> the backend when only a small portion of data needs to be
> protected.

Yes, there is an overhead in HTTPS.

> Can anyone make any suggestions that might help me solve
> this issue?

It is going to be important to encourage the client-side caching of
everything that can be (safely) cached, such as images and JS files.
Over an HTTPS connection the browser is very likely to default to
considering everything it receives as 'private' (and so non-cacheable
(which makes sense if a secure protocol is in use)) unless it receives
HTTP headers that positively assert otherwise.
Jun 27 '08 #2
Henry wrote:
> On May 29, 12:03 pm, bizt wrote:
>> I have a page that makes many XmlHttpRequest requests from a
>> single page. This works fine but I need some requests to be
>> made over a secure connection. To my understanding, when
>> setting the location of the path to the file to fetch during
>> the XmlHttpRequest request it has to be the path relative
>> to the web page such as /secret.php and NOT a full URL such
>> as https://www.example.com/secret.php.. is this about the
>> general idea??
>
> No, the URL used with XML HTTP request objects may be absolute or
> relative.

However, since XHR does not allow accessing another domain from within the
sandbox, the set of reasonable uses of (absolute) URIs (in contrast to
relative URI-references, commonly called "relative URIs") there is rather
limited.

>> Would I be correct in saying that the only way I can make
>> secure requests is by making the whole page HTTPS??
>
> Yes, but not for any reason related to the form of the URL, but rather
> because a page originating from one domain may not make XML HTTP
> requests to another domain (and http: and https: domains cannot be the
> same domain).

http: and https: domains can be the same domain, of course. However, the
Same Origin Policy considers them to be of different origin even if the
domain is the same, because at least the URI scheme (and so supposedly, here
actually, the transfer protocol) is not.

PointedEars
--
Anyone who slaps a 'this page is best viewed with Browser X' label on
a Web page appears to be yearning for the bad old days, before the Web,
when you had very little chance of reading a document written on another
computer, another word processor, or another network. -- Tim Berners-Lee
Jun 27 '08 #3
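
The origin comparison described in reply #3, as an added example that is not part of the original thread: it resolves a request URL against the page URL and compares scheme, host and port. The function names and sample URLs are constructed for illustration, and the check covers only the origin tuple, not any server-side opt-in to cross-origin requests.

```javascript
// Added example: would the browser treat an XHR target as same-origin?
// An origin is the tuple (scheme, host, port); the path plays no part.

// Reduce an absolute http(s) URL to its origin tuple. The URL parser
// lowercases the host and reports a scheme's default port as "".
function originOf(url) {
  const u = new URL(url);
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    throw new Error("unsupported scheme: " + u.protocol);
  }
  return { scheme: u.protocol, host: u.hostname, port: u.port };
}

// Resolve `target` (relative or absolute) against the page URL, the way the
// URL given to XMLHttpRequest open() is resolved, then compare origins.
function checkXhrTarget(pageUrl, target) {
  const resolved = new URL(target, pageUrl).href;
  const page = originOf(pageUrl);
  const dest = originOf(resolved);
  const differs = ["scheme", "host", "port"].filter((k) => page[k] !== dest[k]);
  return {
    resolved,
    sameOrigin: differs.length === 0,
    differs,                              // which parts of the tuple mismatch
    encrypted: dest.scheme === "https:",  // does the request itself use TLS?
  };
}

// Constructed sample pages and targets, reusing the thread's example host.
const HTTP_PAGE = "http://www.example.com/app/index.html";
const HTTPS_PAGE = "https://www.example.com/app/index.html";
const CASES = [
  [HTTP_PAGE, "/secret.php"],
  [HTTP_PAGE, "https://www.example.com/secret.php"],
  [HTTP_PAGE, "http://WWW.EXAMPLE.COM:80/secret.php"],
  [HTTPS_PAGE, "/secret.php"],
  [HTTPS_PAGE, "http://www.example.com/logo.png"],
  [HTTPS_PAGE, "https://static.example.com/logo.png"],
];

function runCases() {
  return CASES.map(([page, target]) => ({ page, target, ...checkXhrTarget(page, target) }));
}

for (const r of runCases()) {
  console.log(`${r.page} -> ${r.target}: sameOrigin=${r.sameOrigin} ` +
    `encrypted=${r.encrypted} differs=[${r.differs}]`);
}
```

The fourth case is the one the thread arrives at: once the page itself is served over HTTPS, a relative URL such as /secret.php is both same-origin and encrypted.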
