PDA

View Full Version : (Solved - Not possible) Is an Ext.Ajax POST to https:// (SSL) Secure?



jasondeegan
26 Apr 2010, 12:42 PM
If I have a standard unsecure connection at http:// posting form variables to https:// action, this has been indicated as secure to me. (Note: this is how DiscoverCard.com and others works)

Is an Ext.Ajax POST to an https:// URL gonna' be as secure? (I'm assuming it's gonna' be the same)

Thanks!

Jason

jasondeegan
27 Apr 2010, 6:05 AM
Turns out, this is a loaded question.

The idea was to have a form submit cross domain (it would have to be cross-domain if you were going from http: to https:).
But without actually changing pages (ergo through an Ext.ajax call). Well, Ajax calls don't work cross-domain, by design. So, it simply won't work the way I intended it.

My problem was that I wanted to submit secure information, handle it, and then change pages based on the return. Well, you can use ext form submit (original / native / "standardSubmit") to do this via SSL, but if there's anything wrong with the information, the user has to retype the form all over again or you'd have to submit that info from the https: page to the http: page (unsecure).

Lastly, I considered a session variable, but that won't work cross-domain either. At least not with my PHP implementation.

J

Animal
27 Apr 2010, 6:09 AM
If standardSubmit works, then so will fileUpload: true

You will then of course have to parse the request packet as a multipart message, but there are utility classes available for that.

Animal
27 Apr 2010, 6:11 AM
Hmm. Well it won't be able to scrape the document to read any response (The document will belong to the other domain), but the actual submission will have taken place.