Cross-Origin Resource Sharing on GitHub Pages

Max picture Max · Oct 17, 2014 · Viewed 20.5k times · Source

Is there a way to enable Cross-Origin Resource Sharing (CORS) for a static page hosted on GitHub Pages to allow cross-origin requests in Javascript?

For example, can we instruct GH Pages somehow to add these HTTP response headers:

Access-Control-Allow-Origin:*  
Access-Control-Allow-Methods:GET,POST
Access-Control-Max-Age: 1000
Access-Control-Allow-Headers:*

Couldn't find anything in their documentation, and this ...

...GitHub Pages does not support customer server configuration files such as .htaccess or .conf...

... doesn't sound very promising - or is there a way?

Answer

monsur picture monsur · Oct 17, 2014

EDIT: Yay! Looks like GitHub Pages now supports CORS: https://twitter.com/invisiblecomma/status/575219895308324864

This can be verified by curling a request to enable-cors.org (which is hosted on GitHub Pages). Running this command: curl -v enable-cors.org > /dev/null returns an Access-Control-Allow-Origin: * header.

There's no way to support CORS on GitHub Pages, though I'd love to see this feature. We host http://enable-cors.org on GitHub Pages, and we can't enable CORS on the site itself :)


Update

As noted by @Styx GitHub Pages now always redirect to HTTPS. So if you want to confirm for yourself that all origins are allowed, for a particular site using GitHub pages, try curl with -L (to follow the redirects that are involved). E.g.:

$ curl -vL square.github.io/okhttp 2>&1 | fgrep -i access-control-allow-origin