请求从http页面到https服务器的json资源 [英] Request to a json resource from an http page to an https server
本文介绍了请求从http页面到https服务器的json资源的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
来自http页面(由浏览器制作)的用户对https服务器的jsonp请求是否可以被认为是安全的?
Can a jsonp request from a user on an http page (made by the browser) to an https server be considered secure?
例如:
用户开启:
在该页面上有一个表单,在提交时,它发送一个jsonp请求:
On that page there's a form that, on submit, is sends a jsonp request to:
是否可以读取提交表单上的信息,好像api服务器在http?
Can the information on the submit form be read as if the api server is on http?
推荐答案
无。虽然无法在飞行中嗅探数据,但触发请求的HTTP页面很容易受到中间人攻击的影响。可以注入JS,然后泄漏通过HTTPS检索的数据。
No. While the data can't be sniffed in-flight, the HTTP page triggering the request is vulnerable to alteration by man-in-the-middle attacks. JS could be injected which can then leak the data retrieved via HTTPS.
这篇关于请求从http页面到https服务器的json资源的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
