
Default to https for the CORS API.

Heroku uses Strict Transport Security (HSTS), which forces that all
requests to *.herokuapp.com must use HSTS. However, Chrome cannot read
the CORS response after an HSTS redirect due to https://crbug.com/387198.

Since the request is going to be redirected to https anyway, the demo
and the documentation will use https by default.
Rob--W committed Aug 29, 2014
1 parent 0745b89 commit 43430447815faa1904309908051b60e37255b865
Showing with 3 additions and 5 deletions.
  1. +2 −3 README.md
  2. +1 −2 demo.html
@@ -53,7 +53,7 @@ If you want to automatically enable cross-domain requests when needed, use the f
```javascript
(function() {
var cors_api_host = 'cors-anywhere.herokuapp.com';
var cors_api_url = (window.location.protocol === 'http:' ? 'http://' : 'https://') + cors_api_host + '/';
var cors_api_url = 'https://' + cors_api_host + '/';
var slice = [].slice;
var origin = window.location.protocol + '//' + window.location.host;
var open = XMLHttpRequest.prototype.open;
@@ -74,8 +74,7 @@ If you're using jQuery, you can also use the following code **instead of** the p
```javascript
jQuery.ajaxPrefilter(function(options) {
if (options.crossDomain && jQuery.support.cors) {
options.url = (window.location.protocol === 'http:' ? 'http:' : 'https:') +
'//cors-anywhere.herokuapp.com/' + options.url;
options.url = 'https://cors-anywhere.herokuapp.com/' + options.url;
}
});
```
@@ -64,8 +64,7 @@
</div>
<script>
var protocol = location.protocol === 'http:' ? 'http:' : 'https:';
var cors_api_url = protocol + '//cors-anywhere.herokuapp.com/';
var cors_api_url = 'https://cors-anywhere.herokuapp.com/';
function doCORSRequest(options, printResult) {
var x = new XMLHttpRequest();
x.open(options.method, cors_api_url + options.url);
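Review bot: The hard-coded `https://` in `cors_api_url` carries no comment explaining why the scheme no longer follows `location.protocol`, so a later edit could restore the protocol-matching form and bring back the unreadable CORS response described in the commit message. I would add above the assignment `// Always https: the http->https HSTS redirect on herokuapp.com makes the CORS response unreadable in Chrome (https://crbug.com/387198).` Pinning the scheme also keeps the browser-to-proxy leg encrypted when the demo page itself is served over http, which is worth stating because every proxied URL and response passes through this host. The same comment would fit the two README.md snippets; doCORSRequest's body continues past the end of this hunk.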
