Reputation: 270
Can a jsonp request from a user on an http page (made by the browser) to an https server be considered secure?
For example:
The user is on:
On that page there's a form that, on submit, is sends a jsonp request to:
Can the information on the submit form be read as if the api server is on http?
Upvotes: 0
Views: 174
Reputation: 944550
No. While the data can't be sniffed in-flight, the HTTP page triggering the request is vulnerable to alteration by man-in-the-middle attacks. JS could be injected which can then leak the data retrieved via HTTPS.
Upvotes: 2
Reputation: 641
ys it is secure provided U send encrypted data to other page and decrypt the info on another page
Upvotes: 0