Reputation: 8056
CORS ajax call to self-signed secure URL
I have a website hosted on domain-a.com, which we are about to install an SSL certificate on. The certificate is issued by a CA so it will be trusted by browsers.
After pageload on domain-a.com, an ajax call is made to domain-b.com using CORS to retrieve some additional information to display on the page.
I have two questions:
Do I also need to install an SSL certificate on domain-b.com? What will happen in the users browser if I don't?
If I do install an SSL certificate on domain-b.com, but I use a self-signed certificate as opposed to one issued by a CA, will that work, or will there be warnings/errors thrown by the user's browser?
Upvotes: 1
Views: 874
Answers (1)
Reputation: 8056
I set up some test pages to see how this behaved, and it looks like you do need to install SSL on domain-b.com. Most browsers I tested blocked the nonsecure content. Others gave a warning. The same things happened if domain-b.com had a self-signed certificate. The connection was still blocked.
The simplest and cheapest solution I found was to install a free SSL certificate from StartSSL on domain-b.com. This CA seems to be recognized by the browsers I tested on so the connection to domain-b.com works fine. If anyone sees any issues with this that I'm not thinking of, please let me know.
Upvotes: 1
Related Questions
- Ajax CORS Request with http 401 in preflight
- HTTPS and HTTP CORS
- CORS jQuery AJAX request
- How to set up CORS in an AJAX request
- CORS: Accessing ssl endpoint from non ssl site
- CORS authentication with jQuery
- CORS AJAX Call not Successful
- AJAX Request From HTTPS Page to HTTP Url
- CrossDomain ajax request using CORS
- Ajax using https on an http page