Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Can a jsonp request from a user on an http page (made by the browser) to an https server be considered secure?
For example:
The user is on:
On that page there’s a form that, on submit, is sends a jsonp request to:
Can the information on the submit form be read as if the api server is on http?
No. While the data can’t be sniffed in-flight, the HTTP page triggering the request is vulnerable to alteration by man-in-the-middle attacks. JS could be injected which can then leak the data retrieved via HTTPS.