jQuery ajax 和 SSL?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6418620/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
jQuery ajax and SSL?
提问by Hailwood
In our site certain pages use SSL, most pages however don't (as they need to be crawled by web bots).
在我们的网站中,某些页面使用 SSL,但大多数页面不使用(因为它们需要被网络机器人抓取)。
It pretty much boils down to any page where the user is logged in, with a few exceptions is under SSL,
它几乎可以归结为用户登录的任何页面,只有少数例外是在 SSL 下,
But the user first has to login from a non https page (The login form is a form that drops from the top of the screen on any page).
但是用户首先必须从非 https 页面登录(登录表单是从任何页面的屏幕顶部掉落的表单)。
So,
所以,
How can I force the requests over ajax to use SSL?
如何通过 ajax 强制请求使用 SSL?
Is this even secure?
这甚至安全吗?
采纳答案by nzifnab
It violates JavaScript's same-origin policy, because it doesn't see the HTTPS URL as being from the same source as the HTTP URL. You can get around this by using JSONP or setting a Access-Control-Allow-Originheader in the response from the web service. Many web services will be setup to do this already.
它违反了 JavaScript 的同源策略,因为它没有将 HTTPS URL 视为与 HTTP URL 来自同一来源。您可以通过使用 JSONP 或Access-Control-Allow-Origin在来自 Web 服务的响应中设置标头来解决此问题。许多 Web 服务将被设置来执行此操作。
