IE8可以将跨域请求从HTTP发布到HTTPS吗? [英] Can IE8 post cross-domain requests from HTTP to HTTPS?

问题描述

我正在尝试使用Ajax从HTTP域向HTTPS域发出安全的身份验证POST请求.对于Firefox，Chrome和其他现代浏览器，可以使用CORS请求执行此操作.不幸的是，IE8和IE9不支持CORS，这使这种身份验证变得困难.

I'm trying to make a secure authentication POST request from an HTTP domain to an HTTPS domain using Ajax. For Firefox, Chrome and other modern browsers, it's possible to do this using a CORS request. Unfortunately IE8 and IE9 don't support CORS, which makes this type of authentication difficult.

在解决方法演示适用于IE9，但不适用于IE8 .

In point 7 of XDomainRequest - Restrictions, Limitations and Workarounds, Eric Law mentions a workaround for IE's limitation on HTTP-to-HTTPS cross-domain requests. However, while the workaround demo works for IE9, it doesn't work for IE8.

对于IE8，是否还有其他解决方法可以将跨域POST请求从HTTP域发送到HTTPS域?

Is there any other workaround for IE8 to send a cross-domain POST request from an HTTP domain to an HTTPS domain?

请注意，可能不会发送JSONP GET请求，因为在身份验证请求的URL参数中传递用户凭据意味着凭据将被记录在Web服务器日志文件中.如果这些日志被泄露，那么用户的凭据也将被泄露.

Note that sending a JSONP GET request probably won't due, because passing user credentials in the authentication request's URL parameters means that the credentials would be recorded in web server logs files. If those logs were compromised, then users' credentials would be compromised too.

推荐答案

该演示不起作用，因为IE8不支持添加事件侦听器的addEventListener方法.相反，该演示应使用attachEvent方法.

The demo doesn't work because IE8 doesn't support the addEventListener method for adding event listeners. Instead, the demo should use the attachEvent method.

如果使用正确的attachEvent方法，我已经证实它可以在IE8中工作.

I have verified that it works in IE8 if the correct attachEvent method is used.

这篇关于IE8可以将跨域请求从HTTP发布到HTTPS吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！