Do I run significant risks by having my API called as HTTP rather than HTTPS?

Time:08-17

I have a GET API that is called by a JS snippet to offload some computation from the browser. There is no reason that any actual user would directly call the API (and it would be a violation of our ToS if they did).

Is there a significant risk if we call this API as an HTTP request rather than HTTPS? It should reduce our response times; however, we're not sure if this represents a vulnerability to either us or our users.

CodePudding user response:

If you make XMLHttpRequest or fetch() requests to your HTTP API from HTTPS pages, you will get mixed content errors.

CodePudding user response:

Yes. You risk MITM (man-in-the-middle) attacks: someone impersonating your server, spying on your client's requests, and even potentially changing them.
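
As an added illustration of both answers (not code from the original thread), this sketch models in simplified form how a browser treats a fetch()/XHR call from a page to an API URL: whether it is refused as mixed content, and whether the traffic is cleartext that a party on the network path could read or modify. The function names and example.com hosts are assumptions, and real browsers differ in edge cases such as loopback handling.

```javascript
// Added example: simplified model of the mixed-content decision for fetch()/XHR.
// All hostnames are constructed placeholders.

// Loopback hosts are treated as trustworthy even over plain HTTP
// (simplification of the Secure Contexts rules; browser support varies).
function isLoopback(hostname) {
  const h = hostname.toLowerCase().replace(/\.$/, "");
  return h === "localhost" || h.endsWith(".localhost") ||
         /^127(\.\d{1,3}){3}$/.test(h) || h === "[::1]";
}

function isPotentiallyTrustworthy(url) {
  return url.protocol === "https:" || url.protocol === "wss:" ||
         isLoopback(url.hostname);
}

function assessApiCall(pageUrl, apiUrl) {
  const page = new URL(pageUrl);
  const api = new URL(apiUrl, page); // relative API paths inherit the page's scheme
  const cleartext = api.protocol === "http:" || api.protocol === "ws:";
  return {
    url: api.href,
    // fetch()/XHR are "blockable" mixed content on HTTPS pages:
    // the request is refused, not silently upgraded.
    blockedAsMixedContent: page.protocol === "https:" && !isPotentiallyTrustworthy(api),
    // Cleartext to a non-loopback host has no server authentication or
    // integrity, so requests and responses can be read or altered in transit.
    exposedToMitm: cleartext && !isLoopback(api.hostname),
  };
}

// Constructed sample calls covering the cases raised in the thread.
const samples = [
  ["https://app.example.com/page", "http://api.example.com/compute?x=1"],
  ["http://app.example.com/page", "http://api.example.com/compute?x=1"],
  ["https://app.example.com/page", "/compute?x=1"],
];
for (const [page, api] of samples) {
  console.log(page, "->", JSON.stringify(assessApiCall(page, api)));
}
```
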
