javascript - How to POST data to an HTTP page from an HTTPS page - Stack Overflow

admin管理员组

文章数量:1417070

I know this is a long shot, but I figured I'd ask the question anyway.

I have an HTTPS page and am dynamically creating a form. I want to POST the form to an HTTP page. Is this possible without the browser popping up a warning? When I do this on IE8, I get the following message:

Do you want to view only the webpage content that was delivered securely?

Essentially, I'm asking about the inverse of question 1554237.

I know this is a long shot, but I figured I'd ask the question anyway.

I have an HTTPS page and am dynamically creating a form. I want to POST the form to an HTTP page. Is this possible without the browser popping up a warning? When I do this on IE8, I get the following message:

Do you want to view only the webpage content that was delivered securely?

Essentially, I'm asking about the inverse of question 1554237.

• javascript

Share Improve this question Follow edited Apr 20, 2010 at 18:18 user321564 asked Apr 20, 2010 at 18:16 user321564user321564 2111 silver badge33 bronze badges 4

• 1 The title contradicts with the question. Are you posting from HTTPS to HTTP or HTTPS? The error message at least contradicts with the latter. – BalusC Commented Apr 20, 2010 at 18:18
• Your question is, I believe, incorrect. Assuming you meant "to an HTTP" page.... – Jerod Venema Commented Apr 20, 2010 at 18:19
• not sure why you would even want to do this, what are you trying to do? Is it different domains, is it forced ssl? – James Campbell Commented Apr 20, 2010 at 18:20
• Thanks, I fixed the description. – user321564 Commented Apr 20, 2010 at 18:50

Add a ment  | 

6 Answers 6

Sorted by: Reset to default 1

Sadly, I know of absolutely no way to not get warned when posting from HTTPS to HTTP. If you serve the form securely, the browser expects to submit the data securely as well. It would surprise the user if anything else was possible.

Nope, can't be done. Our good friend IE will always pop up that warning.

There is a way to do this if you write a back-end service of your own. So lets say you want to post an HTTP request to s1 using your front-end service fs1.

If you use Spring, you can use an ajax call from fs1 to a 'uri' that is recognized by your spring back-end, say bs1. Now, the service bs1 can make the call to the s1.

Pictorial representation here: https://i.sstatic/2lTxL.png

code:

$.ajax
({
 type: "POST",
 uri:/json/<methodName> 
 data: $('#Form').serialize(),
 success: function(response)
 {
  //handle success here
 },
 error: function (errorResponse)
 {
   //handle failure here
 }
})

You can solve this by either acting as a proxy for the form destination yourself (i.e. let the form submit to your server which in turn fires a normal HTTP request and returns the response), or to let access the page with the form by HTTP only.

If you don't need to actually redirect to the insecure page, you can provide a web service (authenticated) that fires off the request for you and returns the data.

For example: From the authenticated page, you call doInsecure.action which you create as a web service over https. doInsecure.action then makes a manual POST request to the insecure page and outputs the response data.

You should be able to do this with the opensource project Forge, but it sounds like overkill. The Forge project provides a JavaScript interface (and XmlHttpRequest wrapper) that can do cross-domain requests. The underlying implementation uses Flash to enable cross-domain (including http <=> https) munication.

http://github./digitalbazaar/forge/blob/master/README

So you would load the Forge JavaScript and swf from your server over https and then do a Forge-based XmlHttpRequest over http to do the POST. This would save you from having to do any proxy work on the server, but again, it may be more work than just supporting the POST over https. Also, the assumption here is that there's nothing confidential in the form that is being posted.

本文标签： javascriptHow to POST data to an HTTP page from an HTTPS pageStack Overflow