Default to https for the CORS API.

Heroku uses Strict Transport Security (HSTS), which forces that all requests to *.herokuapp.com must use HSTS. However. Chrome cannot read the CORS response after a HSTS redirect due to https://crbug.com/387198. Since the request is going to be redirected to https anyway, the demo and the documentation will use https by default.
winuall · Aug 29, 2014 · 4343044 · 4343044
1 parent 0745b89
commit 4343044
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -53,7 +53,7 @@ If you want to automatically enable cross-domain requests when needed, use the f
 ```javascript
 (function() {
     var cors_api_host = 'cors-anywhere.herokuapp.com';
-    var cors_api_url = (window.location.protocol === 'http:' ? 'http://' : 'https://') + cors_api_host + '/';
+    var cors_api_url = 'https://' + cors_api_host + '/';
     var slice = [].slice;
     var origin = window.location.protocol + '//' + window.location.host;
     var open = XMLHttpRequest.prototype.open;
@@ -74,8 +74,7 @@ If you're using jQuery, you can also use the following code **instead of** the p
 ```javascript
 jQuery.ajaxPrefilter(function(options) {
     if (options.crossDomain && jQuery.support.cors) {
-      options.url = (window.location.protocol === 'http:' ? 'http:' : 'https:') +
-                    '//cors-anywhere.herokuapp.com/' + options.url;
+        options.url = 'https://cors-anywhere.herokuapp.com/' + options.url;
     }
 });
 ```

diff --git a/demo.html b/demo.html
@@ -64,8 +64,7 @@
 </div>
 
 <script>
-  var protocol = location.protocol === 'http:' ? 'http:' : 'https:';
-  var cors_api_url = protocol + '//cors-anywhere.herokuapp.com/';
+  var cors_api_url = 'https://cors-anywhere.herokuapp.com/';
   function doCORSRequest(options, printResult) {
     var x = new XMLHttpRequest();
     x.open(options.method, cors_api_url + options.url);