Assuming a single page application accessed initially via HTTP that uses AJAX for all server interaction, is it possible to use HTTP for regular data transfers and then switch to AJAXian HTTPS requests for secure data transfers?

If so, how would the browser handle the certificate and locking notification when a HTTPS AJAX request was made?

If this is not possible, then are there any workarounds to mixing AJAX HTTP and AJAX HTTPS within the same page such as loading an iFrame for HTTPS?

Thanks!

Attempting to switch protocols will violate the same origin policy.

I am not sure how a workaround using iFrames would behave, but I think the browser may block access to the frame that was loaded as HTTPS, again due to the same origin policy.

I know this is old post but since i arrived here by search engine it would be a worth to spill what I've learn.

It is possible to use something called CORS but as usual old MSIE has problem implementing it.

It should be simple as sending additional HTTP headers:

Access-Control-Allow-Origin: http://example.com:8080 http://foo.example.com