调用从HTTP HTTPS通过AJAX进行登录 [英] Calling HTTPS from HTTP through AJAX for login

问题描述

我知道它违背了同源策略的，这就是为什么它是不可能通过简单的Ajax请求。我可以使用JSONP。但是，使用JSONP进行登录不健全安全不（无后只能获得）。

I know its violates the Same origin policy, and that is why it is not possible through simple ajax request. I could use JSONP. But using JSONP for login doesn't sound secure ( no post only get ).

那么，有没有通过AJAX实现登录到HTTPS更安全的方法是什么？

So is there a more secure way of implementing login into https through ajax ?

推荐答案

它不仅违反了同源策略 ，但因为你是从调用页面是不安全的它有可能被干扰和泄漏你正在试图保持安全的数据。

Not only does it violate the same origin policy, but since the page you are calling from is insecure it has the potential to be interfered with and leak all the data you are trying to keep secure.

使用HTTPS进行的整个过程。

Use HTTPS for the entire process.

更重要的是，继续使用HTTPS当人们登录，否则，你将有的Firesheep问题。

Better yet, keep using HTTPS while people are logged in, otherwise you will have the Firesheep problem.

这篇关于调用从HTTP HTTPS通过AJAX进行登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！