JQuery.ajax not using HTTPS
So, I am calling a web service from jQuery using the .ajax method. The page that is calling the method is an HTTPS/SSL page, yet when the call is made, jQuery keeps making an HTTP request and it is failing because the server is set up to redirect all HTTP traffic to HTTPS...so a 301 error is coming back.
I have inspected my code a million times and tried a million ways to generate the url parameter for the ajax query. (using // for relative and now just appending the protocol https to the beginning of the url. Here is my javascript:
function add_inbound_record(serial_number, pass_fail_value)
{
pfv = pass_fail_value.toUpperCase();
url = location.protocol + "//" + location.hostname + "/inbound/record- inspection/" + serial_number + "/" + pfv;
$.ajax({
url:url,
cache:false,
});
}
So, when this code executes, I check the url paramter in firebug and it shows up correctly with https and the URL properly formed. However, when I execute the ajax function I see this in firebug:
301 MOVED PERMANENTLY
192.168.1.9
20 B
192.168.1.9:443
Response Headersview source
Connection keep-alive
Content-Encoding gzip
Content-Length 20
Content-Type text/html; charset=utf-8
Date Wed, 24 Oct 2012 17:33:34 GMT
Location http://192.168.1.9/inbound/record-inspection/011234567890123421000000002995/P/?_=1351100020609
Server nginx/1.1.19
Vary Accept-Encoding
Request Headersview source
Accept */*
Accept-Encoding gzip, deflate
Accept-Language en-us,en;q=0.5
Connection keep-alive
Cookie djdt=hide; csrftoken=sF9RUxrlS6IKURxOryH2d2yT05gMighn; sessionid=9682390da4011e445931643c81be9aae
Host 192.168.1.9
Referer https://192.168.1.9/fingerprint/inspect/
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:15.0) Gecko/20100101 Firefox/15.0.1
X-Requested-With XMLHttpRequest
As you can see above from the referrer, the protocol is HTTPS yet the location in the response header is HTTP? I can't for the life of me figure out why the request is going across the wire as HTTP and not HTTPS. The 301 response is accurate considering it is going as HTTP since, again, the webserver is configured to only allow HTTPS access. Any ideas?
Ok. I messed with this for over 4 hours and as soon as I added a slash to the end of the URL, the issue went away and everything works fine. I have no idea why. The web server/web service does not require a slash to function correctly but for whatever reason, that's what "fixed" it. Thanks for the helpful comments guys.
I was also very upset regarding the same problem. I was sending the ajax request from my ssl page as follows:
$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' ||
$_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://";
<script type="text/javascript">
$.ajax({
url: "<?php echo $protocol.$_SERVER['HTTP_HOST'].$this->url(array("action"=>"autocomplete", "controller"=>"ajax", "module"=>"default"));?>",
data: { term: $("#keyword").val()},
dataType: "json",
type: "POST",
success: function(data){
response(data);
}
});
</script>
The problem was that, request header shows that the referer page is an ssl page but the response header shows the location an "http" page as in above Rob's code printscreen.
I came to know that each and every time when you make an ajax request from an ssl page response came to the same page i.e. for ssl page and when you make the ajax request from non-ssl page by the response will came for the same i.e. non-ssl page. This is the default rule for ajax request and response.
I think, definitely there must be a problem from my code side which force to make response from http while sending from https. Exactally, my suspicion was right. Actually there was a default code which force to redirect to response to http page instead of https. I am sharing the previous code:
class Custom_Customplugins extends Zend_Controller_Plugin_Abstract
{
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$action = $request->getActionName();
$controller = $request->getControllerName();
$module = $request->getModuleName();
$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://";
$host = $_SERVER['HTTP_HOST'];
if($host != "www.xyz.com")
{
if($protocol == "http://")
{
}
}
else
{
$r = new Zend_Controller_Action_Helper_Redirector();
$u = new Zend_Controller_Action_Helper_Url();
if(
($action == "index" && $controller == "index" && $module == "default")
|| ($action == "login" && $controller == "index" && $module == "default")
|| ($action == "businessownerregistration" && $controller == "index" && $module == "default")
|| ($action == "customerregistration" && $controller == "index" && $module == "default")
|| ($action == "index" && $controller == "changepwd" && $module == "admin")
|| ($action == "index" && $controller == "businessowner" && $module == "businessowner")
|| ($action == "changepwd" && $controller == "serviceprovider" && $module == "businessowner")
|| ($action == "index" && $controller == "customer" && $module == "default")
)
{
if($protocol == "http://")
{
$r->gotoUrl('https://'.$host.$u->url(array("action"=>$action, "controller"=>$controller, "module"=>$module)))->redirectAndExit();
}
}
else
{
if($protocol == "https://")
{
$r->gotoUrl('http://'.$host.$u->url(array("action"=>$action, "controller"=>$controller, "module"=>$module)))->redirectAndExit();
}
}
}
}
}
After correction the code is:
<?php
class Custom_Customplugins extends Zend_Controller_Plugin_Abstract
{
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$action = $request->getActionName();
$controller = $request->getControllerName();
$module = $request->getModuleName();
$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://";
$host = $_SERVER['HTTP_HOST'];
if($host != "www.xyz.com")
{
if($protocol == "http://")
{
}
}
else
{
$r = new Zend_Controller_Action_Helper_Redirector();
$u = new Zend_Controller_Action_Helper_Url();
if(
($action == "index" && $controller == "index" && $module == "default")
|| ($action == "login" && $controller == "index" && $module == "default")
|| ($action == "businessownerregistration" && $controller == "index" && $module == "default")
|| ($action == "customerregistration" && $controller == "index" && $module == "default")
|| ($action == "index" && $controller == "changepwd" && $module == "admin")
|| ($action == "index" && $controller == "businessowner" && $module == "businessowner")
|| ($action == "changepwd" && $controller == "serviceprovider" && $module == "businessowner")
|| ($action == "index" && $controller == "customer" && $module == "default")
)
{
if($protocol == "http://")
{
$r->gotoUrl('https://'.$host.$u->url(array("action"=>$action, "controller"=>$controller, "module"=>$module)))->redirectAndExit();
}
}
else if(
($action == "autocomplete" && $controller == "ajax" && $module == "default")
|| ($action == "refreshcaptcha" && $controller == "index" && $module == "default")
)
{
}
else
{
if($protocol == "https://")
{
$r->gotoUrl('http://'.$host.$u->url(array("action"=>$action, "controller"=>$controller, "module"=>$module)))->redirectAndExit();
}
}
}
}
}
?>
and now, my https page is working fine