Hi Crowder, Thanks for the information.
As I said in my post, the Ajax.Request call are in a HTML Application (HTA). Which is not a server page. It run on client machine using mshta.exe and request data from server using ajax. And I don't think the issue is due to "Same Origin Policy", as the requests are working fine when server SSL is enabled using trusted certificate. The response is blank when server SSL is enabled using self signed certificate. Any idea? And yes, I should try with latest version of prototype.js. Thanks On Jun 12, 3:05 pm, "T.J. Crowder" <t...@crowdersoftware.com> wrote: > Addendum: > > > I am using prototype.js version 1.5. > > Why? It's been out of date for more than three and a half years > (assuming you're talking about v1.5.1.2, which was superceded by > v1.6.0 in November 2007). That's a _long_ time in the browser-based > world. > > -- T.J. > > On Jun 12, 10:36 am, "T.J. Crowder" <t...@crowdersoftware.com> wrote: > > > > > Hi, > > > I don't think it has anything to do with the certificate being self- > > signed, just that it's https. > > > Are you trying to use https in an ajax call when the page has been > > loaded via http? If so, you're running into the Same Origin Policy[1], > > which forbids doing that. Ajax requests, by default, can only go to > > the same origin as the document in which the script is running, and > > the concept of an origin includes the protocol > > (http://example.comandhttps://example.comare_different_ origins). More in > > the link. > > > If you're in control of the server, you have a couple of options: > > > 1. Use JSON-P[2] instead of Ajax. JSON-P doesn't have an origin > > restriction, but it can only use the GET method, not POST. > > > 2. If you can rely on using a modern browser, you can use the new > > CORS[3] standard. You can see a list of browsers and their support (or > > lack thereof) for CORS here[4]. Unfortunately, CORS is only supported > > by IE in IE8 and above, and that support requires extra work (whereas > > every other browser vendor who supported it did so in a backward- > > compatible way). Specifically, instead of using XMLHttpRequest (which > > is what Ajax.Request uses), you have to use a completely new > > XDomainRequest object instead. But again, only on IE. Note that using > > CORS requires that you add support for it to the server, because you > > have to handle a request from the browser asking if it's okay to send > > the cross-origin request. > > > HTH, > > -- > > T.J. Crowder > > Independent Software Engineer > > tj / crowder software / com > > www / crowder software / com > > > [1]http://en.wikipedia.org/wiki/Same_origin_policy > > [2]http://en.wikipedia.org/wiki/JSONP#JSONP > > [3]http://www.w3.org/TR/access-control/ > > [4]http://caniuse.com/#search=cors > > > On Jun 12, 9:00 am, Rick Avner <rickav...@gmail.com> wrote: > > > > Hi, > > > > I have a HTML Application (HTA) using Ajax.Request to get information > > > from one of my LAMP based server. The requests were working fine > > > using HTTP. However, the requests are failing (responseText is blank) > > > when I use HTTPS. Server SSL is enabled using self signed > > > certificates. > > > > Is there any way to ignore certificate warnings while using > > > Ajax.Request? > > > > I know I should use CA certified certificates on my server. However > > > just wondering if there is any way for Ajax.Request to work with self > > > signed certificates. > > > > I am using prototype.js version 1.5. > > > > Thanks in advance. -- You received this message because you are subscribed to the Google Groups "Prototype & script.aculo.us" group. To post to this group, send email to prototype-scriptaculous@googlegroups.com. To unsubscribe from this group, send email to prototype-scriptaculous+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/prototype-scriptaculous?hl=en.
