I have a Meteor project that uses the appcache package to store the Meteor application cache in a browser. Now I have purchased an SSL certificate and would like to start forcing users to connect to the https: // address for the site. Therefore, I am adding the force-ssl package. However, when the user goes to http://example.com , the cached version of the Meteor application is downloaded, it receives a notification about the cache update and tries to start downloading the new version of the application. Thus, the site http: // is now trying to request resources from the site https: //, and the browser is blocking this due to problems with CORS.
I played a little with the force-ssl package, even tried to set some headers:
var host = url.parse(Meteor.absoluteUrl()).hostname; res.setHeader('access-control-allow-origin', 'http://' + host); res.setHeader('access-control-allow-credentials', 'true'); res.setHeader('access-control-allow-methods', 'POST, GET, OPTIONS');
But I still see such CORS errors:
GET https://www.example.com/sockjs/881/y6to3ysz/xhr 405 (Method Not Allowed)
Does anyone know how to properly configure the headers so that the update can go through https: // to the http: // site? I go down the rabbit hole when setting socksjs headers, etc., And maybe someone has already done this and can save some time.
source share