I am having problems calling a web service 开发者_运维知识库using AJAX via HTTP when it's on an HTTPS page.
Is this a cross-domain/protocol problem? Do I need to do the AJAX call in the same protocol as the page?
Just wondering if it's the same problem as trying to do an HTTPS AJAX call when on an HTTP page, I suspect it is.
Any advice appreciated.
Thanks Duncan
Yes, the protocol is part of the same origin policy.
Don't do that. You run a serious risk of someone intercepting and modifying just the HTTP traffic to break your security.
精彩评论