Results 1 to 4 of 4

Thread: (Solved - Not possible) Is an Ext.Ajax POST to https:// (SSL) Secure?

  1. #1
    Sencha User
    Join Date
    Mar 2008
    Location
    Marietta, GA
    Posts
    93

    Question (Solved - Not possible) Is an Ext.Ajax POST to https:// (SSL) Secure?

    If I have a standard unsecure connection at http:// posting form variables to https:// action, this has been indicated as secure to me. (Note: this is how DiscoverCard.com and others works)

    Is an Ext.Ajax POST to an https:// URL gonna' be as secure? (I'm assuming it's gonna' be the same)

    Thanks!

    Jason
    Don't measure excellence against others, but rather against the best implementation of yourself.

  2. #2
    Sencha User
    Join Date
    Mar 2008
    Location
    Marietta, GA
    Posts
    93

    Default

    Turns out, this is a loaded question.

    The idea was to have a form submit cross domain (it would have to be cross-domain if you were going from http: to https.
    But without actually changing pages (ergo through an Ext.ajax call). Well, Ajax calls don't work cross-domain, by design. So, it simply won't work the way I intended it.

    My problem was that I wanted to submit secure information, handle it, and then change pages based on the return. Well, you can use ext form submit (original / native / "standardSubmit") to do this via SSL, but if there's anything wrong with the information, the user has to retype the form all over again or you'd have to submit that info from the https: page to the http: page (unsecure).

    Lastly, I considered a session variable, but that won't work cross-domain either. At least not with my PHP implementation.

    J
    Don't measure excellence against others, but rather against the best implementation of yourself.

  3. #3
    Sencha User Animal's Avatar
    Join Date
    Mar 2007
    Location
    Bédoin/Nottingham
    Posts
    30,892

    Default

    If standardSubmit works, then so will fileUpload: true

    You will then of course have to parse the request packet as a multipart message, but there are utility classes available for that.

  4. #4
    Sencha User Animal's Avatar
    Join Date
    Mar 2007
    Location
    Bédoin/Nottingham
    Posts
    30,892

    Default

    Hmm. Well it won't be able to scrape the document to read any response (The document will belong to the other domain), but the actual submission will have taken place.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •