Hi, > As I said in my post, the Ajax.Request call are in a HTML Application > (HTA). Which is not a server page. It run on client machine using > mshta.exe and request data from server using ajax.
Ah, sorry. Probably not safe to assume everyone knows what you mean by "HTA". I've seen any number of acronyms people have created ad hoc to make their web apps sound cool, I have to assume I put your use of "HTA" in that category, not being familiar with that specific Microsoft-centric technology. > And I don't think the issue is due to "Same Origin Policy", as the > requests are working fine when server SSL is enabled using trusted > certificate. In that case, it's a question for Microsoft. Prototype isn't involved in the certificate chain process at all. It just does the request and reads the response via XMLHttpRequest. The certificate stuff is handled by the user agent (e.g., mshta.exe). -- T.J. Crowder Independent Software Engineer tj / crowder software / com www / crowder software / com On Jun 12, 7:17 pm, Rick Avner <rickav...@gmail.com> wrote: > Hi Crowder, > > Thanks for the information. > > As I said in my post, the Ajax.Request call are in a HTML Application > (HTA). Which is not a server page. It run on client machine using > mshta.exe and request data from server using ajax. > > And I don't think the issue is due to "Same Origin Policy", as the > requests are working fine when server SSL is enabled using trusted > certificate. > > The response is blank when server SSL is enabled using self signed > certificate. Any idea? > > And yes, I should try with latest version of prototype.js. > > Thanks > > On Jun 12, 3:05 pm, "T.J. Crowder" <t...@crowdersoftware.com> wrote: > > > > > > > > > Addendum: > > > > I am using prototype.js version 1.5. > > > Why? It's been out of date for more than three and a half years > > (assuming you're talking about v1.5.1.2, which was superceded by > > v1.6.0 in November 2007). That's a _long_ time in the browser-based > > world. > > > -- T.J. > > > On Jun 12, 10:36 am, "T.J. Crowder" <t...@crowdersoftware.com> wrote: > > > > Hi, > > > > I don't think it has anything to do with the certificate being self- > > > signed, just that it's https. > > > > Are you trying to use https in an ajax call when the page has been > > > loaded via http? If so, you're running into the Same Origin Policy[1], > > > which forbids doing that. Ajax requests, by default, can only go to > > > the same origin as the document in which the script is running, and > > > the concept of an origin includes the protocol > > > (http://example.comandhttps://example.comare_different_origins). More in > > > the link. > > > > If you're in control of the server, you have a couple of options: > > > > 1. Use JSON-P[2] instead of Ajax. JSON-P doesn't have an origin > > > restriction, but it can only use the GET method, not POST. > > > > 2. If you can rely on using a modern browser, you can use the new > > > CORS[3] standard. You can see a list of browsers and their support (or > > > lack thereof) for CORS here[4]. Unfortunately, CORS is only supported > > > by IE in IE8 and above, and that support requires extra work (whereas > > > every other browser vendor who supported it did so in a backward- > > > compatible way). Specifically, instead of using XMLHttpRequest (which > > > is what Ajax.Request uses), you have to use a completely new > > > XDomainRequest object instead. But again, only on IE. Note that using > > > CORS requires that you add support for it to the server, because you > > > have to handle a request from the browser asking if it's okay to send > > > the cross-origin request. > > > > HTH, > > > -- > > > T.J. Crowder > > > Independent Software Engineer > > > tj / crowder software / com > > > www / crowder software / com > > > > [1]http://en.wikipedia.org/wiki/Same_origin_policy > > > [2]http://en.wikipedia.org/wiki/JSONP#JSONP > > > [3]http://www.w3.org/TR/access-control/ > > > [4]http://caniuse.com/#search=cors > > > > On Jun 12, 9:00 am, Rick Avner <rickav...@gmail.com> wrote: > > > > > Hi, > > > > > I have a HTML Application (HTA) using Ajax.Request to get information > > > > from one of my LAMP based server. The requests were working fine > > > > using HTTP. However, the requests are failing (responseText is blank) > > > > when I use HTTPS. Server SSL is enabled using self signed > > > > certificates. > > > > > Is there any way to ignore certificate warnings while using > > > > Ajax.Request? > > > > > I know I should use CA certified certificates on my server. However > > > > just wondering if there is any way for Ajax.Request to work with self > > > > signed certificates. > > > > > I am using prototype.js version 1.5. > > > > > Thanks in advance. -- You received this message because you are subscribed to the Google Groups "Prototype & script.aculo.us" group. To post to this group, send email to prototype-scriptaculous@googlegroups.com. To unsubscribe from this group, send email to prototype-scriptaculous+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/prototype-scriptaculous?hl=en.