jQuery AJAX post to HTTPS Web API action via cross domain
I have an Azure website page that needs to post a form with sensitive info to a service on a different domain, which has SSL security enabled. It's an MVC Web API with [RequireHttps] and cross-domain requests enabled.
Is it wrong to post sensitive info with a jQuery post via cross domain? Is that why CORS is disabled on the server, so nobody does this kind of operation? If it is OK to do, how can I secure the info passed with jQuery AJAX?
jQuery call:
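    function workit() {
        // Force jQuery to attempt cross-domain XHR (needed only for old browsers).
        $.support.cors = true;
        $.ajax({
            url: 'https://foo.net/api/web/dostuff',
            // jQuery option names are case-sensitive: dataType, contentType, crossDomain.
            dataType: 'json',
            contentType: 'application/json; charset=utf-8',
            crossDomain: true,
            type: 'POST',
            success: function (data) {
                dosomething();
            }
        });
    }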
Is it wrong to post sensitive info with a jQuery post via cross domain?
No.
Is that why CORS is disabled on the server, so nobody does this kind of operation?
I'm not sure what you mean by "originally." CORS is opt-in because many sites' security relies on the fact that pages can't be read by script running on another domain. That was the case before CORS existed, so in order to maintain backwards compatibility, CORS was designed to allow new sites to share info voluntarily, rather than breaking old sites.
I should point out that a simple, blind cross-domain post has always been allowed: one can set the action of a form to a resource on another site. Here, you utilize CORS because you're consuming the info (right?). Additionally, it is not a simple request because of the content type.
If it is OK to do, how can I secure the info passed with jQuery AJAX?
There's not much to it. Your current code doesn't have any glaring red flags. One thing in particular your code does right is that it posts the info as application/json, which mitigates CSRF.
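An added example, not part of the original question or answer: a framework-free sketch of the server-side decision that makes the application/json point hold, namely answering the preflight only for an allowlisted origin and refusing form-encoded bodies that a blind cross-site form post can send. The origin `https://app.example`, the function names and the request shape (lower-cased header keys) are assumptions for illustration; the preflight check is narrowed to method and content type and ignores custom headers.

```javascript
// Constructed for illustration; not the original poster's code or API.
const ALLOWED_ORIGINS = new Set(['https://app.example']); // assumed page origin

// Content types an HTML form can send cross-site with no preflight.
const FORM_TYPES = ['application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'];

function mediaType(value) {
  return (value || '').split(';')[0].trim().toLowerCase();
}

// True when the browser must send an OPTIONS preflight before the real request.
function needsPreflight(method, headers) {
  if (!['GET', 'HEAD', 'POST'].includes(method.toUpperCase())) return true;
  const type = mediaType(headers['content-type']);
  return type !== '' && !FORM_TYPES.includes(type);
}

// Decide how the API should answer a request ({ method, headers }).
function decide(req) {
  const origin = req.headers['origin'];
  const allowed = ALLOWED_ORIGINS.has(origin);
  const cors = allowed ? { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' } : {};

  if (req.method === 'OPTIONS') {
    // Preflight: grant only to the allowlisted origin, and only what is needed.
    if (!allowed) return { status: 403, headers: {} };
    return {
      status: 204,
      headers: Object.assign({
        'Access-Control-Allow-Methods': 'POST',
        'Access-Control-Allow-Headers': 'Content-Type'
      }, cors)
    };
  }
  if (req.method !== 'POST') return { status: 405, headers: {} };
  // A blind form post cannot set application/json, so anything else is refused.
  if (mediaType(req.headers['content-type']) !== 'application/json') {
    return { status: 415, headers: {} };
  }
  // Cross-origin callers must be on the allowlist.
  if (origin !== undefined && !allowed) return { status: 403, headers: {} };
  return { status: 200, headers: cors };
}
```
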