0

I am working with JQuery, I have got below code sample for JQuery:

$.ajax({  
        type:"GET",        
        url: "Login.aspx",  // Send the login info to this page
        data: str, 
        dataType: "jsonp", 
        timeout: 200000,
        jsonp:"skywardDetails",
        success: function(result)
        { 
             // Show 'Submit' Button
            $('#loginButton').show();

            // Hide Gif Spinning Rotator
            $('#ajaxloading').hide();  
         } 

    });

The above code works fine, however due to "GET", some data gets visible when it requested, I tried using "POST", but in my previous post all the experts refused that we can't use "POST", can anybody suggest how can have the security, I suppose we can do something with "IFRAME", please suggest if we have got some examples using IFRAME.

Community
  • 1
  • 1
Manoj Singh
  • 7,569
  • 34
  • 119
  • 198

3 Answers3

1

One method is to open a page of the distant site in an invisible iframe, and then that page opens a page of the local site in an inner iframe, and the outermost and the innermost iframe can communicate freely. I don't see why you would need it though, a POST AJAX call is just as visible as a GET AJAX call.

Tgr
  • 27,442
  • 12
  • 81
  • 118
  • Thanks @Tgr, in GET we can see the actual data flow in URL, while in POST it is not there – Manoj Singh Dec 24 '10 at 08:25
  • @MKS: you can see the data in a POST request too; it would be fairly pointless to send a request in which one cannot see the data. Sure, POST does not put the data in an URL, but that difference is irrelevant in an AJAX call, unless you would hit URL length limits (or you want to follow REST conventions or something like that). – Tgr Dec 24 '10 at 13:25
  • Thanks @Tgr for response...I am sending "Username" and "Password" using "GET" JSONP....this is my one of the concerns. As my username and password will be seen in url and as you know JSONP doesn't have "POST".. please suggest is it OK to send username and password? or what I can do in term of security – Manoj Singh Dec 24 '10 at 13:57
  • @MKS, again, sending something in AJAX POST offers very little extra safety over sending it in AJAX GET. (The only difference I can think of is when you use some web statistics software to publish data in your webserver logs, GET arguments will be published; but there is no reason to do that anyway.) Personally I wouldn't bother making a POST call just because of that, but if you really want to, I described in the answer one way to do that. – Tgr Dec 24 '10 at 20:41
0

The answer to your previous post is correct. You cannot load a remote *.js file through the POST protocol with a <script> tag, the same that you cannot use <img> to post a picture.

If you need to authenticate with a remote site, your only chance is using good old forms.

Álvaro González
  • 142,137
  • 41
  • 261
  • 360
  • 1
    Thanks @Alvaro...but I know that we can't use "POST" in JSONP, I am looking for IFRAME solution instead, can you please suggest how to achieve this using IFRAME – Manoj Singh Dec 22 '10 at 11:09
0

Have you read about Fragement Identifier method http://softwareas.com/cross-domain-communication-with-iframes The post descibes about cross domain communication with iframes using changing fragement identifiers.

sushil bharwani
  • 29,685
  • 30
  • 94
  • 128
  • Thanks @Sushil, it really wired for me, I have not got so much idea for IFRAME solution for cross browser interaction. – Manoj Singh Dec 22 '10 at 11:26