0

I am using JQuery ajax for authenticating username and password, however due to security reason I need to call HTTPS request.

Below is my JQuery Code: where I need to implement the HTTPS call.

 //Submitting the form $("#loginDetails > form").submit(function() { //Hiding the Login button $("#loginButton").hide(); //Showing the ajax loading image $("#ajaxloading").show(); // 'this' refers to the current submitted form var str = $(this).serialize(); // -- Start AJAX Call -- $.ajax({ type: "POST", url: "Login.aspx", // Send the login info to this page data: str, success: function(result) { $("#loginDetails").ajaxComplete(function(event, request, settings) { // Show 'Submit' Button $('#loginButton').show(); // Hide Gif Spinning Rotator $('#ajaxloading').hide(); var resLength = result.trim().length; if(resLength!=0) { var arr = result.split(","); var fname = arr[0]; var lname = arr[1]; var activeCardNo = arr[2]; var multipleTier = arr[3]; var activeStatus = arr[4]; var access = arr[5]; if(access!='' && access!='undefined') // LOGIN OK? { $('.validateTips').hide(); var login_response = '<div id="logged_in">' + '<div style="width: 350px; float: left; margin-left: 80px;">' + '<div style="width: 40px; float: left;">' + '<img style="margin: 22px 0px 10px 0px;" align="absmiddle" src="system/images/ajax-loader.gif">' + '</div>' + '<div style="margin: 24px 0px 0px 10px; float: right; width: 300px;">'+ "You are successfully logged in! <br /> Please wait while you're redirected...</div></div>"; $('#loginButton').hide(); $('#closeBtn').hide(); $('#divMember').text(fname +' '+ lname); $('#spnSkywardsNo').text(activeCardNo); $('#spnTierStatus').text(multipleTier); $("#ui-dialog-title-skywardsLogin").text(getDataFromResourceFile('pleaseWait')); $('#divSuccessLogin').html(login_response); $('#divSuccessLogin').show(); $('#loginDetails').hide(); //$(this).html(login_response); // Refers to 'status' // After 3 seconds redirect the setTimeout(closeDialog, 3000); } } else// ERROR? { var login_response = getDataFromResourceFile('InvalidUsername'); $('.validateTips').html(login_response); } }); } }); // -- End AJAX Call -- return false; });

The above code works perfect, but due to security issues, I need to change my call call to HTTPS, so my ajax call will not be "Login.aspx" it will be "https://login.aspx"

Please suggest how to achieve this, so that my security is maintained and there will not be any security conflict.

Improve this question

1 Answer 1

Reset to default
4

This will happen by default if the page is https://, this has to be the case...you can't make an AJAX request from an http:// page to an https:// destination, and vice-versa. When you try this, it's seen as a different protocol, and in violating of the same origin policy, so you'll be prevented from seeing the response.

Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

Can you please clear it, so what I understand with above wordings that, if the page is HTTPS then it will automatically be handled and there will not be security violations, if possible please suggest with some examples..thanks
@Nick: Well, you can do it -- using CORS or JSON-P -- but you have to do it on purpose. :-)
@T.J. - that's not an AJAX request :)
@MKS: If the page itself was requested and served via https, then anything relative to it (for instance, the URL Login.aspx) will also be requested and served via https. No need for you to do anything special. It's only if you have a page served insecurely (http) that you would have to make a special effort to handle anything else via https.
@MKS - that's correct, if the page is https:// and your path is relative (e.g. Login.aspx like you have, or /path/Login.aspx, not http://site.com/Login.aspx) then the request is also https://, it'll stay on the same protocol.
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.