Osvaldo
Reputation: 270
Request to a json resource from an http page to an https server
Can a jsonp request from a user on an http page (made by the browser) to an https server be considered secure?
For example:
The user is on:
On that page there's a form that, on submit, is sends a jsonp request to:
Can the information on the submit form be read as if the api server is on http?
Upvotes: 0
Views: 174
Answers (2)
Quentin
Reputation: 944545
No. While the data can't be sniffed in-flight, the HTTP page triggering the request is vulnerable to alteration by man-in-the-middle attacks. JS could be injected which can then leak the data retrieved via HTTPS.
Upvotes: 2
Vivek
Reputation: 641
ys it is secure provided U send encrypted data to other page and decrypt the info on another page
Upvotes: 0
Related Questions
- HTTP Ajax Request via HTTPS Page
- Trying to retrieve JSONP from HTTP server from a HTTPS website
- Javascript JSON Parsing using https url
- JSONP To Acquire JSON From HTTPS Protocol with JQuery
- getJSON and HTTPS
- Cross domain request using jsonp: from https to http
- HTTPS to HTTP JSONP request
- Is it possible to make a JSONP request from HTTPS to HTTP?
- Cross Domain JSONP over HTTPS
- Using JSONP over SSL