Whoops... typo :)
I promise to use === as well
if ( window.location.protocol === 'https' ) {
" From the result of this talk it sounded like we could do login via
JavaScript as long as we could ensure the user was on HTTPS the time
of login."
On Wed, Feb 5, 2014 at 11:25 AM, Yuvi Panda <yuvipanda(a)gmail.com> wrote:
Although it can be problematic UX wise - non AJAX
login on non-https
and AJAX logins on https could be confusing. Although, if we *are*
being MITM'd with http, the MITM'er can just insert JS that pretends
to have AJAX login...
On Thu, Feb 6, 2014 at 12:52 AM, Yuvi Panda <yuvipanda(a)gmail.com> wrote:
Yeah, if you can ensure that the user is viewing
the current page via
HTTPS, I think you can offer them AJAX Logins.
--
Yuvi Panda T
http://yuvi.in/blog
_______________________________________________
Mobile-l mailing list
Mobile-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mobile-l