Although it can be problematic UX wise - non AJAX login on non-https and AJAX logins on https could be confusing. Although, if we *are* being MITM'd with http, the MITM'er can just insert JS that pretends to have AJAX login...
On Thu, Feb 6, 2014 at 12:52 AM, Yuvi Panda <[email protected]> wrote: > Yeah, if you can ensure that the user is viewing the current page via > HTTPS, I think you can offer them AJAX Logins. -- Yuvi Panda T http://yuvi.in/blog _______________________________________________ Mobile-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mobile-l
