Cross-Origin Resource Sharing on GitHub Pages

Question

Is there a way to enable Cross-Origin Resource Sharing (CORS) for a static page hosted on GitHub Pages to allow cross-origin requests in Javascript?

For example, can we instruct GH Pages somehow to add these HTTP response headers:

Access-Control-Allow-Origin:*   Access-Control-Allow-Methods:GET,POST Access-Control-Max-Age: 1000 Access-Control-Allow-Headers:* 

Couldn't find anything in their documentation, and this ...

...GitHub Pages does not support customer server configuration files such as .htaccess or .conf...

... doesn't sound very promising - or is there a way?

Answer 1

EDIT: Yay! Looks like GitHub Pages now supports CORS: https://twitter.com/invisiblecomma/status/575219895308324864

This can be verified by curling a request to enable-cors.org (which is hosted on GitHub Pages). Running this command: curl -v enable-cors.org > /dev/null returns an Access-Control-Allow-Origin: * header.

There's no way to support CORS on GitHub Pages, though I'd love to see this feature. We host http://enable-cors.org on GitHub Pages, and we can't enable CORS on the site itself :)

---

Update

As noted by @Styx GitHub Pages now always redirect to HTTPS. So if you want to confirm for yourself that all origins are allowed, for a particular site using GitHub pages, try curl with -L (to follow the redirects that are involved). E.g.:

$ curl -vL square.github.io/okhttp 2>&1 | fgrep -i access-control-allow-origin 

Answer 2

You can use a CORS proxy.
http://cors.io/ worked for me.

Normal request:

$.getJSON('https://blockchain.info/stats?format=json',function(data){}) 

Request with proxy (just prepend http://cors.io/? on the url)

$.getJSON('http://cors.io/?https://blockchain.info/stats?format=json',function(data){}) 

UPDATE: The API doc have been updated, you just need to prefix your url with https://cors.io/?.