The issue is that the page is loaded with http, and on the website we
open up a lightbox for login, the login form is then submitted through
XMLHttpRequest and I'm pretty sure that we cannot submit the form in
HTTPS if the page was loaded through HTTP.
Now, I'm not the first person to deal with this and I found a good
thread about it here:
http://stackoverflow.com/questions/1105934/ajax-http-https-problem
Anyone knows the best way forward?
Remi
--
Rémi Gabillet
8tracks CTO & co-founder
There are few things you guys could look into:
1) why can't you point the lightbox to call the login through https.
I.e. pass to your lightbox https://8tracks.com/login instead of
http://8tracks.com/login.
This way the form submission using https:// would happen from a page
loaded via https:// (this is my thinking anyway). It will not make
the user happy anyway, as they will see http:// (no padlock) in the
address box of their browser.
2) try forcing nginx to rewrite all http requests to 8tracks.com/login
to use https://
Have a look here:
http://www.ruby-forum.com/topic/179377
3) In case you get HTTP 411 (Length required) response from your
server to your ajax call, simply add empty data (Length:0) to your
https:// post request:
$.ajax({
url: url,
type: 'POST',
data: {}, // <- set empty data
success: function(data, textStatus) {
// do something
}
});
hope some of this helps.
make sure that http://8tracks.com and https://8tracks.com resolve to the same
You should be able to submit forms or ajax calls through https no problem.
--
Daniel Drozdzewski
On 11 February 2012 23:06, Daniel Drozdzewski
--
Daniel Drozdzewski
I've been working on this actually and we're going the CORS
(http://en.wikipedia.org/wiki/Cross-Origin_Resource_Sharing) way since
it's the easier for us to integrate. The only downside is that it
won't work on Opera so Opera users (all 0.6% of 8tracks users lol)
wont get https login unless they load the full login page.
I'll let you know when it's up.
Remi
--
----
Ray Slakinski
Sorry for the late reply.I've been working on this actually and we're going the CORS
(http://en.wikipedia.org/wiki/Cross-Origin_Resource_Sharing) way since
it's the easier for us to integrate. The only downside is that it
won't work on Opera so Opera users (all 0.6% of 8tracks users lol)
wont get https login unless they load the full login page.I'll let you know when it's up.
Remi