Whoops... typo :)
I promise to use === as well
if ( window.location.protocol === 'https' ) {
" From the result of this talk it sounded like we could do login via
JavaScript as long as we could ensure the user was on HTTPS the time
of login."
On Wed, Feb 5, 2014 at 11:25 AM, Yuvi Panda <[email protected]> wrote:
> Although it can be problematic UX wise - non AJAX login on non-https
> and AJAX logins on https could be confusing. Although, if we *are*
> being MITM'd with http, the MITM'er can just insert JS that pretends
> to have AJAX login...
>
> On Thu, Feb 6, 2014 at 12:52 AM, Yuvi Panda <[email protected]> wrote:
>> Yeah, if you can ensure that the user is viewing the current page via
>> HTTPS, I think you can offer them AJAX Logins.
>
>
>
> --
> Yuvi Panda T
> http://yuvi.in/blog
>
> _______________________________________________
> Mobile-l mailing list
> [email protected]
> https://lists.wikimedia.org/mailman/listinfo/mobile-l
_______________________________________________
Mobile-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mobile-l
