Is there a way to enable Cross-Origin Resource Sharing (CORS) for a static page hosted on GitHub Pages to allow cross-origin requests in Javascript?
For example, can we instruct GH Pages somehow to add these HTTP response headers:
Access-Control-Allow-Origin:*
Access-Control-Allow-Methods:GET,POST
Access-Control-Max-Age: 1000
Access-Control-Allow-Headers:*
Couldn't find anything in their documentation, and this ...
...GitHub Pages does not support customer server configuration files such as .htaccess or .conf...
... doesn't sound very promising - or is there a way?
EDIT: Yay! Looks like GitHub Pages now supports CORS: https://twitter.com/invisiblecomma/status/575219895308324864
This can be verified by curling a request to enable-cors.org (which is hosted on GitHub Pages). Running this command: curl -v enable-cors.org > /dev/null returns an Access-Control-Allow-Origin: * header.
There's no way to support CORS on GitHub Pages, though I'd love to see this feature. We host http://enable-cors.org on GitHub Pages, and we can't enable CORS on the site itself :)
As noted by @Styx GitHub Pages now always redirect to HTTPS. So if you want to confirm for yourself that all origins are allowed, for a particular site using GitHub pages, try curl with -L (to follow the redirects that are involved). E.g.:
$ curl -vL square.github.io/okhttp 2>&1 | fgrep -i access-control-allow-origin