Ludovic Courtès <l...@gnu.org> writes: > Roel Janssen <r...@gnu.org> skribis: > >> We need to add the following line to the response header at >> hydra.gnu.org: >> >> Access-Control-Allow-Origin: "http://www.gnu.org"; >> >> Here's how to do it: >> http://enable-cors.org/server_nginx.html >> >> Which boils down to adding this line to the nginx config: >> add_header 'Access-Control-Allow-Origin' 'http://www.gnu.org'; > > OK, I’ve done that for /api requests (with the full URI, that is > <https://www.gnu.org/software/guix/packages/> and variants thereof). > Now, when clicking on “Expand”, IceCat no longer complains about CORS, > but it fails to expands and reports this: > > Blocked loading mixed active content > > "http://hydra.gnu.org/api/latestbuilds?nr=1&project=gnu&jobset=master&job=adwaita-icon-theme-3.18.0.x86_64-linux"; > > with a link to: > > https://developer.mozilla.org/en-US/docs/Security/MixedContent
This is because the current page is encrypted but the content from hydra is not. Can we serve hydra.gnu.org/api over HTTPS? ~~ Ricardo
