I'm trying to make a cross-domain XHR to a secure domain.

I used the following code to do so:

this.post = function (url, data) {
    var xmlhttp=new XMLHttpRequest();
    xmlhttp.open("POST",url,true);
    xmlhttp.withCredentials=true;
    xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded; charset=UTF-8");
    xmlhttp.send(data);
}

I use this function with url-encoded string data and https://mydomainx.com/request as url.

I tested it on Chrome and Firefox, with Chrome Dev Tools / Firebug (looking at requests/response headers). The code works on Chrome (i.e. request sent, appropriate response received). The unsecure request works on Firefox though (when I use http://mydomainx.com/request rather than https).

More specifically, on Firefox, the https request seems to be sent: the POST request appears in Firebug with correct request headers, but no response is received. I checked on the endpoint server (mydomainx.com), it does not receive the request (says /var/log/apache2/access.log and error.log). I also displayed status / responseText when xhr.readystate == 4 ----> status = 0, no response text.

I tried making the XHR without data, or with GET instead of POST, and without the content header, and with a text/plain content header => exact same results (works on chrome in http/https, works on firefox with http, does not work on firefox with https).

I spent a lot of time trying to google for an explanation with no success... Any help will be greatly appreciated. Thanks a lot

Have you tried accessing the secure version of the URL in a Firefox tab? It sounds like Firefox may be getting stuck on the SSL certificate and may want you to add an exception to accept the certificate before XHR requests to that URL will work.