How can I make this so it handles both https/http?
add_header Access-Control-Allow-Origin "https://sub.example.com";
What is happening, is specific resources rely on http traffic (//api.example.com), therefor throwing a CORS error in Chrome Console. HTTPS is forced in 3 directions, starting with DNS.
So I have no idea why its doing this. This is basically failing most of the time, when this header contains valid parameters. I notice its "sometimes" going over HTTP so the rest is expected behavior, however due to the forced HTTPS rules on both DNS and NGINX.. I can personally confirm. I just dont get it.
We know we want 100% SSL in all cases. It just does not maintain this behavior.
Any solution or a mapping solution to coordinate this for both prefixes? Thanks.
Perhaps this is the consequence of escaping prefixes in JS for reason of readability. Can anyone confirm this in their own projects/questions?
//sub.example.com - Unexpected, SSL "most of the time".
https://sub.example.com - Enforced - Working
http://sub.example.com - Auto-HTTPS (Impossible to stay on HTTP now matter how hard I try)
