If you are going to add SSL certificate on a site, and you are making some ajax calls with http then for sure you are going to face lots of issues due to blocked ajax requests.
After adding SSL your URL will change from http://site_url to https://site_url, it mean now the site is using HTTPS protocol instead of HTTP.
Nowadays approximately all browsers do not allow to make ajax call with http protocol due to security vulnerability.
There a policy for browsers called same-origin policy , and according to it browsers will block all not-secured ajax request originating from a secured URL.
There are number of ways to fixed this problem but best way is to make all request with HTTPS protocol. if hitting ajax request on your own URL then it’s very necessary that you should make all URLs as with HTTPS.
The second solution is CORS . Cross origin HTTP request is just for the requirement when you need to hit an ajax request on different server. For external request you may use this but for same server you should not use it because it works as a separate call from another server. So you will face issues with session.
Just opposite to this if you are working with HTTP URL and making an ajax call with HTTPS then it work fine in browsers but on backend you will not be able to get session variables.
This is just because HTTP in ajax, browser will create different session id for this request.
Read an interesting article about Formula to calculate developer’s salary in India.