From 43430447815faa1904309908051b60e37255b865 Mon Sep 17 00:00:00 2001 From: Rob Wu Date: Fri, 29 Aug 2014 19:17:52 +0200 Subject: [PATCH] Default to https for the CORS API. Heroku uses Strict Transport Security (HSTS), which forces that all requests to *.herokuapp.com must use HSTS. However. Chrome cannot read the CORS response after a HSTS redirect due to https://crbug.com/387198. Since the request is going to be redirected to https anyway, the demo and the documentation will use https by default. --- README.md | 5 ++--- demo.html | 3 +-- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index dd4b45ef..b232743e 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ If you want to automatically enable cross-domain requests when needed, use the f ```javascript (function() { var cors_api_host = 'cors-anywhere.herokuapp.com'; - var cors_api_url = (window.location.protocol === 'http:' ? 'http://' : 'https://') + cors_api_host + '/'; + var cors_api_url = 'https://' + cors_api_host + '/'; var slice = [].slice; var origin = window.location.protocol + '//' + window.location.host; var open = XMLHttpRequest.prototype.open; @@ -74,8 +74,7 @@ If you're using jQuery, you can also use the following code **instead of** the p ```javascript jQuery.ajaxPrefilter(function(options) { if (options.crossDomain && jQuery.support.cors) { - options.url = (window.location.protocol === 'http:' ? 'http:' : 'https:') + - '//cors-anywhere.herokuapp.com/' + options.url; + options.url = 'https://cors-anywhere.herokuapp.com/' + options.url; } }); ``` diff --git a/demo.html b/demo.html index 6307dcf0..185c67a7 100644 --- a/demo.html +++ b/demo.html @@ -64,8 +64,7 @@