Whoops... typo :) I promise to use === as well if ( window.location.protocol === 'https' ) {
" From the result of this talk it sounded like we could do login via JavaScript as long as we could ensure the user was on HTTPS the time of login."
On Wed, Feb 5, 2014 at 11:25 AM, Yuvi Panda yuvipanda@gmail.com wrote:
Although it can be problematic UX wise - non AJAX login on non-https and AJAX logins on https could be confusing. Although, if we *are* being MITM'd with http, the MITM'er can just insert JS that pretends to have AJAX login...
On Thu, Feb 6, 2014 at 12:52 AM, Yuvi Panda yuvipanda@gmail.com wrote:
Yeah, if you can ensure that the user is viewing the current page via HTTPS, I think you can offer them AJAX Logins.
-- Yuvi Panda T http://yuvi.in/blog
Mobile-l mailing list Mobile-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mobile-l