Closed haku closed 10 years ago
OK, I'll change it. I thought viewing a site over HTTP and making HTTPS calls would be a Bad Thing, but presumably CORS is cool with that.
Its bad the other way round, this way seems ok to me. It can't make it less secure.
In my local copy I am able to swap
http://api.successwhale.com
forhttps://successwhale-api.herokuapp.com
without issues. Uses will not see herokuapp.com and it has a real cert so no self-signed warnings.