by theandrewbailey 1668 days ago
HTTP to HTTPS (and vice-versa), even on the same (sub-)domain, is automatically considered cross-origin. This restricts what HTTPS-loaded JavaScript and API calls can do on an HTTP-loaded page. Having everything HTTPS from the beginning will cause fewer issues in the long run.

It's conceivable that at some point every resource loaded on an HTTPS page will require HTTPS, too.

https://developer.mozilla.org/en-US/docs/Web/Security/Same-o...
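
The origin rule discussed in the comment above, as an added example that is not part of the original comment: a small audit helper that compares each resource's (scheme, host, port) origin with the page's and flags HTTP loads on an HTTPS page. The function names and all URLs are constructed for illustration, and the mixed-content check is simplified (browsers exempt some loopback addresses).

```javascript
// Added example; all URLs are constructed sample values.

// An origin is the (scheme, host, port) tuple. URL.origin serializes it
// with default ports (80 for http, 443 for https) normalized away.
function originOf(url) {
  const u = new URL(url);
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    throw new Error(`unsupported scheme: ${u.protocol}`);
  }
  return u.origin;
}

// Classify one resource relative to the page that loads it.
function classify(pageUrl, resourceUrl) {
  const page = new URL(pageUrl);
  const res = new URL(resourceUrl, pageUrl); // resolves relative URLs
  const sameOrigin = originOf(page.href) === originOf(res.href);
  return {
    url: res.href,
    sameOrigin,
    // Same host, different scheme: still cross-origin.
    schemeMismatch:
      !sameOrigin &&
      page.hostname === res.hostname &&
      page.protocol !== res.protocol,
    // Simplified: any http resource on an https page.
    mixedContent: page.protocol === "https:" && res.protocol === "http:",
  };
}

// Audit a page's resource list and return only the entries needing attention.
function audit(pageUrl, resources) {
  return resources
    .map((r) => classify(pageUrl, r))
    .filter((r) => r.schemeMismatch || r.mixedContent);
}

const page = "https://example.com/index.html";
const resources = [
  "/app.js",                        // relative, same origin
  "https://example.com:443/a.css",  // explicit default port, same origin
  "http://example.com/api/data",    // same host over http
  "https://cdn.example.net/lib.js", // different host, not a scheme issue
];
console.log(audit(page, resources));
```

Only the `http://example.com/api/data` entry is reported: it shares the page's host but not its origin, and it is an HTTP load on an HTTPS page.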