Only dots shown with HTTPS Everywhere enabled

[machawk1]

Per discussion with @davidar on ArchiveLabs #general Slack channel, attempting to use this service with the HTTPS Everywhere Chrome add-on results in dots being shown indefinitely without any thumbnail images. I was able to replicate the experience with Chrome 61 and HTTPS Everywhere 2017.10.4 (both latest). Access the deployment on https results in an insecure message but the same display.

[jonobr1]

This is a CORS error. The images that we're serving need to be A) available over http and https protocols and B) add a header for access-control-allow-origin with the value of the site or of all sites with * as can be seen here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

[rchrd2]

The images are currently served directly from a nodejs microservice. I'd need to do some work to get it served through https.