I am developing an online retauil site and want to send payment details using SSL. I have an SSL certificater and I believe I have it successfully installed on my server. I have javascript functions to send and recieve every web action in my isapi application. If I send the payment details using https I get a Firefox error message as follows :- Security Error: Content at http://www.mydomain.com/# may not load data from https://www.mydomain.com/video/video.dll/pay?vid=1&cardholdername=Mark%20Horxxxxxs&cardnumber=4444333322221111&cardexpirymonth=01&cardexpiryyear=12&transactionnumber=54778315&invoicereference=54778315&amount=1000¤cy=AUD&cardholderfirstname=Mark&cardholderlastname=Hoxxxxxs&cardholderemailaddress=markhxxxxxs%40yahoo.com&cardholderpostcode=0810&cardholderaddress=10%20Gaden%20Circuit%0AJingili%20NT&shippingaddress1=10%20Gaden%20Circuit&shippingaddress2=none&shippingcity=Jingili%20NT&shippingpostcode=0810&shippingcountry=Australia&phone=0450287091. The payment form is in a div inside the default page. Do I need to send an http request and get a whole page back? I would have thought the Prototype toolkit did support SSL. Mark Horrocks --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Spinoffs" group. To post to this group, send email to rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-spinoffs?hl=en -~----------~----~----~----~------~----~------~--~---
Hi Mark, You''re right, Prototype has no problem with SSL. The issue you''re running into is that you''re loading data from a different origin via XHR, which is a no-no. More here: http://en.wikipedia.org/wiki/Same_origin_policy ...but basically, http://www.mydomain.com and https://www.mydomain.com are *not* the same origin from a security standpoint. So you''ll need to use SSL for most (possibly all, depending) of the content related to the payments, not just some of it. Hope this helps, -- T.J. Crowder tj / crowder software / com On Jun 25, 8:59 am, delphi_mark <markhorro...-/E1597aS9LQAvxtiuMwx3w@public.gmane.org> wrote:> I am developing an online retauil site and want to send payment > details using SSL. I have an SSL certificater and I believe I have it > successfully installed on my server. > > I have javascript functions to send and recieve every web action in my > isapi application. If I send the payment details using https I get a > Firefox error message as follows :- > > Security Error: Content athttp://www.mydomain.com/#may not load data > fromhttps://www.mydomain.com/video/video.dll/pay?vid=1&cardholdername=Mar.... > > The payment form is in a div inside the default page. Do I need to > send an http request and get a whole page back? I would have thought > the Prototype toolkit did support SSL. > > Mark Horrocks--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Spinoffs" group. To post to this group, send email to rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-spinoffs?hl=en -~----------~----~----~----~------~----~------~--~---
> to use SSL for most (possibly all, depending) of the content related > to the payments, not just some of it. >Then if I just use http request (no prototype or javascript) to get a response (just submit the form from its own action) and return a whole page, would that work? How can I solve this? I can''t run my whole app under ssl. Mark Horrocks --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Spinoffs" group. To post to this group, send email to rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-spinoffs?hl=en -~----------~----~----~----~------~----~------~--~---
I fixed this by just submitting my form in https withoput any Javascript intervention. The page it returns then redirects to a non secure page with a thank you message. Is this the best way to solve this problem? Seems a bit of a klutz. Mark Horrocks --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Spinoffs" group. To post to this group, send email to rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-spinoffs?hl=en -~----------~----~----~----~------~----~------~--~---
What if you submitted the form from a hidden <iframe> and then have the response call back into the main document? That''s how ajax file uploads are implemented. -Fred On Wed, Jun 25, 2008 at 8:09 AM, delphi_mark <markhorrocks-/E1597aS9LQAvxtiuMwx3w@public.gmane.org> wrote:> > I fixed this by just submitting my form in https withoput any > Javascript intervention. The page it returns then redirects to a non > secure page with a thank you message. Is this the best way to solve > this problem? Seems a bit of a klutz.-- Science answers questions; philosophy questions answers. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Spinoffs" group. To post to this group, send email to rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-spinoffs?hl=en -~----------~----~----~----~------~----~------~--~---