Osvaldo
Osvaldo

Reputation: 270

Request to a json resource from an http page to an https server

Can a jsonp request from a user on an http page (made by the browser) to an https server be considered secure?

For example:

The user is on:

http://www.example.net

On that page there's a form that, on submit, is sends a jsonp request to:

https://secureapi.net

Can the information on the submit form be read as if the api server is on http?

Upvotes: 0

Views: 174

Answers (2)

Quentin
Quentin

Reputation: 944550

No. While the data can't be sniffed in-flight, the HTTP page triggering the request is vulnerable to alteration by man-in-the-middle attacks. JS could be injected which can then leak the data retrieved via HTTPS.

Upvotes: 2

Vivek
Vivek

Reputation: 641

ys it is secure provided U send encrypted data to other page and decrypt the info on another page

Upvotes: 0

Related Questions