Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
just wondering if there could be any issue building a shopping cart using Backbone.js and more specifically if there were any security issues using hash-bangs over HTTPS?
Also I guess I can POST credit card details through AJAX, correct?
Cheers,
You still need robots.txt to keep your urls from being indexed, even if you’re using HTTPS. The
#!(hashbang) as opposed to#(hash) provides a way to index sites by their url fragment. Instructions for disallowing are on the google page about indexing hashbang. In practice you likely won’t have to worry about it because google’s crawlers aren’t authenticated and won’t index an error. But if a Google Toolbar is installed the URLs with fragments may be sent to Google before Google determines that the URL+fragment will not be indexed. To simplify things, you could use#instead of#!after logging in; a#deep link will not be indexed.If a request is made through HTTPS, it’s encrypted, whether it’s AJAX or not. If your backbone model url starts with
https://, it will either send it encrypted or fail. From a network eavesdropping perspective, it’s the same as posting without AJAX.