Geek Answers Handbook

AJAX message not working with HTTPS

I'm having a rather nasty problem with the jquery post function, which is probably due to not understanding how it works correctly.

I have a function that needs to post some form information in a php script that I wrote, and that the script then runs swirling requests against the API to get around the cross-domain javascript policy. It seems to be working fine as long as it submits to "http", but when I submit it to "https", the form never submits.

I ran wirehark on my computer and it did not show traffic in the direction of the destination IP address until I used the url url. I have basic auth on the server, so I pass the user and password through the URL, but tested without it and got the same results.

Here is the broken code:

$j.post("https://<api user>:<password>@<ip>:444/ProxyScript.php", $j("#spoke_ticket").serialize(), function(msg) { log_status(msg); fade_status(); $j(':input','#createtheticket') .not(':button, :submit, :reset, :hidden') .val('') .removeAttr('checked') .removeAttr('selected'); });

Here is the working function:

 $j.post("http://<other ip>/ProxyScript.php", $j("#spoke_ticket").serialize(), function(msg) { log_status(msg); fade_status(); $j(':input','#createtheticket') .not(':button, :submit, :reset, :hidden') .val('') .removeAttr('checked') .removeAttr('selected'); });

Any ideas as to why traffic is not being sent? Let me know if I left some key information or something else.

thanks for the help

+7
source share
2 answers

Why not use a proxy to overcome the cross-domain access problem? That sounds easier. A simple example: when I want to get the Danish national geodata for countries, road names, etc. (I was lucky their data in json or XML is optional)

simplified proxy .php

 <? header('Content-type: application/json'); $url=$_GET['url']; $html=file_get_contents($url); echo $html; ?>

in ajax, get lat / longs for county border

 var url= "proxy.php?url=https://geo.oiorest.dk/"+type+"/"+nr+"/graense.json"; $.ajax({ url: url, dataType: 'json', success: function (data) { ... });

pay attention to https - maybe, for example, url, https://geo.oiorest.dk/kommuner/0810/graense.json

0
source

If you are making an AJAX message from an http page to an https URL, then the cross-domain policy is triggered because the protocol is also part of the origin specification, as described here . The browser will refuse to call AJAX, so you do not see traffic.

Discussed solution:

Ajax using https on the http page

So your best bet is the Access-Control-Allow-Origin header, which should now be supported in most modern browsers.

So make your server by adding the following header to the responses:

 Access-Control-Allow-Origin: https://www.mysite.com

If for some reason you cannot force this, then the only option on the left will be JSONP .

+2
source

More articles:


All Articles