ajax - JavaScript cross-domain call: call from HTTP to HTTPS

Question

I need to make an asynchronous call to a secure (HTTPS) URL for the same domain.

Currently the page is working with regular HTTP (non-secure).

In other words: this is calling an URL in the same domain but using HTTPS.

Before switching this calls to HTTPS I ended implementing a server-side proxy to allow cross-domain AJAX calls, but now I'm facing same origin policy since HTTP and HTTPS are considered different origins too. So this proxy is unusable.

Summary: how to do cross-domain, asnynchronous POST requests in this scenario?

Various notes:

• I couldn't accept any answer suggesting JSONP. Asynchronous calls must be using POST verb.
• I'm using latest version of jQuery. Answer could be based on this library, or any other solving this problem.
• Accessing the entire page over HTTPS isn't a solution.
• Server platform is Microsoft .NET 4.0 (ASP.NET 4.0).
• UDPATE: CORS isn't an option. There's no wide support for this in modern browsers.

Answer 1

First of all, I've +1 both questions from @missingo and @PiTheNumber.

After spending a lot of hours, I've arrived to the conclusion I'm going to switch the entire page to HTTPS. That's because:

• Most moderns browsers support CORS, but Internet Explorer, starting from 8th version has a proprietary implementation (XDomainRequest object), which may be disabled in some computers (mine had cross-domain request disabled by default in Internet security zone).

  • Opera doesn't support CORS. 12th version will support it, but this isn't an option as users should adopt this new version first, and this won't be in 2 days.

  • I need to do cross-domain requests since Web client application must request a RESTful service layer located in another domain. No way.

  • Switching everything to HTTPS makes the service layer proxy approach work again (this is the expected behavior).

Thanks anyway because both answer have helped me a lot for arriving to this conclusion.

UPDATE

@Sam has added a comment that could be interesting for anyone. It's about how to get CORS in Internet Explorer 8 and 9 (see #7): http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx