Hi there, i am currently developing a web application, that is working with http. In order to send sensible user information (passwords) to a database using XMLHttpRequest i want to do it via https. My browser (Firefox 1.5.0.6) tells my in that case, that access to XMLHttpRequest.open is denied. I think the reason are the different protocols of the calling page (http) and the XMLHttpRequest (https).
Is there a way to bypass this problem? Why is the same host using different protocols (http vs. https) considered to be different? I found an (ugly) solution using an iframe, but that affords multiple hops to get the DB-result back to my javascript application. In this solution i request a page via https wich itself 'redirects' to http carrying th final result as a call to a function in the parent document. Any ideas? _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
