Reputation: 667
Can IE8 post cross-domain requests from HTTP to HTTPS?
I'm trying to make a secure authentication POST request from an HTTP domain to an HTTPS domain using Ajax. For Firefox, Chrome and other modern browsers, it's possible to do this using a CORS request. Unfortunately IE8 and IE9 don't support CORS, which makes this type of authentication difficult.
In point 7 of XDomainRequest - Restrictions, Limitations and Workarounds, Eric Law mentions a workaround for IE's limitation on HTTP-to-HTTPS cross-domain requests. However, while the workaround demo works for IE9, it doesn't work for IE8.
Is there any other workaround for IE8 to send a cross-domain POST request from an HTTP domain to an HTTPS domain?
Note that sending a JSONP GET request probably won't due, because passing user credentials in the authentication request's URL parameters means that the credentials would be recorded in web server logs files. If those logs were compromised, then users' credentials would be compromised too.
Upvotes: 1
Views: 1805
Answers (1)
Reputation: 2630
The demo doesn't work because IE8 doesn't support the addEventListener method for adding event listeners. Instead, the demo should use the attachEvent method.
I have verified that it works in IE8 if the correct attachEvent method is used.
Upvotes: 1
Related Questions
- Can XDomainRequest be made to work with SSL?
- Cross dromain posting data in ie9 from http server to https server
- cross domain ajax call over SSL with windows auth fails on Internet Explorer
- Cross-domain AJAX POST withCredentials and IE8+ compatibility
- Is it possible to make a cross domain request from https to http in IE?
- AJAX cross-domain request IE 8+
- Using XDomain object for IE8+ in Jquery
- Javascript Cross domain requests in IE8
- Cross-Site XmlHttp (XDomainRequest)
- Sending cross-domain data in IE6, 7, 8 & 9