Reputation: 15850
Posting to HTTPS form via Ajax.BeginForm construct
Is it possible to post from an http page to an https form? Here is the example of the code and I'm not sure how to make it post to HTTPS version of the page. Using MVC4
@using (Ajax.BeginForm("Register", "Home", null, new AjaxOptions { UpdateTargetId = "dlgPopup" }, new { @class = "form_main", id = "form_register"}))
Simply putting [RequireHttps] attribute onto the controller action does not seem to be working.
Upvotes: 1
Views: 591
Answers (1)
Reputation: 32500
As you already suspect, this kind of request violates the Same origin policy. IIS takes precautions against XSS, Forgery, and numerous attacks.
In the case of sub-domains, this can be adjusted as a setting within IIS. But in cases of protocol change, you would not be able to simply make a request to Secure Socket Layer from a page that isn't similarly "protected" already.
Making your challenge even greater, you would be sending non-encrypted data to a page that requires protected data format. As your action method has been instructed not to trust non-encrypted data it should reject the request. I wonder if the Method would even be considered a match, but this should be confirmed in JS debugger (404 error would be indication of non-match).
Upvotes: 1
Related Questions
- Ajax POST call to ASP.NET MVC controller giving net::ERR_CONNECTION_RESET
- Ajax POST FormData not working in https(Secured Link)
- Make a AJAX HTTPS POST Request with parameters in header
- Posting form without @HTML.Beginform and using Jquery(ajax) in asp.net MVC
- ASP.NET MVC - HTML.BeginForm and SSL
- Post a form with Ajax to ASP.NET MVC Controller
- HTML: Post form from http to https
- ASP.Net (C#) How to POST to HTTPS from an HTTP page
- Ajax post via https from an http page
- Best way to create form with Html.BeginForm() that should be SSL?