plaintext-client-request
Ensure XHR requests use encrypted transport
XHR requests sent via fetch or the axios package should always go over TLS using the https protocol and never in plaintext over the http protocol, where anyone on the network path can read or modify them.
Examples
Insecure Example
fetch('http://www.example.com', { method: 'POST' });
axios({ method: 'POST', url: 'http://www.example.com' });
Secure Example
fetch('https://www.example.com', { method: 'POST' });
axios({ method: 'POST', url: 'https://www.example.com' });
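Runtime Guard Example
The rule above only sees URL literals in source code. The following added example (not part of the original rule documentation) enforces the same policy at runtime, covering relative, protocol-relative and mixed-case URLs. The names isEncryptedTransport, secureFetch, requireHttps and PAGE_BASE are hypothetical, and PAGE_BASE is a constructed stand-in for the page's own address.

```javascript
// Added example; isEncryptedTransport, secureFetch, requireHttps and
// PAGE_BASE are hypothetical names, not part of fetch or axios.

// Constructed base for resolving relative and protocol-relative URLs;
// in a browser this would be window.location.href.
const PAGE_BASE = 'https://app.example.com/dashboard';

// True only when the resolved request URL uses the https scheme.
function isEncryptedTransport(rawUrl, base = PAGE_BASE) {
  let parsed;
  try {
    // The URL parser lower-cases the scheme and trims surrounding spaces,
    // so 'HTTP://...' and ' http://...' are classified correctly.
    // A relative base (e.g. '/api') is itself resolved against PAGE_BASE.
    parsed = new URL(rawUrl, new URL(base, PAGE_BASE));
  } catch (err) {
    return false; // unparseable input is refused rather than passed on
  }
  return parsed.protocol === 'https:';
}

// fetch wrapper that refuses to send a request in plaintext.
function secureFetch(rawUrl, options = {}, base = PAGE_BASE) {
  if (!isEncryptedTransport(rawUrl, base)) {
    return Promise.reject(
      new TypeError(`Refusing plaintext request to ${rawUrl}`));
  }
  return fetch(new URL(rawUrl, new URL(base, PAGE_BASE)).href, options);
}

// The same check shaped as an axios request interceptor; register it with
// axios.interceptors.request.use(requireHttps).
function requireHttps(config) {
  if (!isEncryptedTransport(config.url, config.baseURL || PAGE_BASE)) {
    throw new Error(`Refusing plaintext request to ${config.url}`);
  }
  return config;
}
```

A protocol-relative URL such as //cdn.example.com/x inherits the scheme of the page that issues it, so it is only as safe as the page's own transport.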