search

jpillora / xdomain

A pure JavaScript CORS alternative
https://jpillora.com/xdomain/
3.12k stars 270 forks source link

https over http #105

Closed theseyi closed 10 years ago

theseyi commented 10 years ago

Hey @jpillora,

I have a question about your solution's use of iFrames and the postMessage api. If I have a master that uses a secure protocol but the slave runs on http in the iFrame, will that raise issues with browsers that have issues with running unsecure content on the web page?

Thanks for your help. Amazing work :)

jpillora commented 10 years ago

It can cause issues in some browsers, safest thing to do is to use https everywhere

On Thursday, August 14, 2014, Seyi notifications@github.com wrote:

Hey @jpillora https://github.com/jpillora,

I have a question about your solution's use of iFrames and the postMessage api. If I have a master that uses a secure protocol but the slave runs on http in the iFrame, will that raise issues with browsers that have issues with running unsecure content on the web page?

Thanks for your help. Amazing work :)

— Reply to this email directly or view it on GitHub https://github.com/jpillora/xdomain/issues/105.

theseyi commented 10 years ago

Ah, indeed, thanks for the clarification. I didn't see this in the documentation and figured it might be an issue.