This bug was never fixed:
http://xenforo.com/community/threads/facebook-icon-causes-mixed-content-warning.21943/
The image source was changed in 1.1 to //static.ak.fbcdn.net/images/connect_sprite.png , which throws an cert mismatch if accessed over https.
The correct URL is...
Random side note - Internet Explorer doesn't support cors at all, so even with the changes in this thread, IE9 is left in the dark. Script tags, why you so necessary!
While copying a link today, for some reason this phrase stuck out like a sore thumb to me.
Apparently this is one of those weird american idiosyncrasies. We typically spell it "labeled" over here, and my dictionary lists both spellings (with a 'US' specification next to the '-led' version).
Noticed today that Firefox is a little more strict when it comes to CORS requests. The method explained above will only work in chrome. For firefox, you need to add these headers IN ADDITION to the Access-Control-Allow-Origin header:
Access-Control-Allow-Methods GET,OPTIONS...
My js directory:
Your js directory:
It appears your nginx instance still isn't inserting the correct header. Are you sure you applied the rule to the correct domain? Did you reload nginx afterward? Keep in mind you may have to convince maxcdn to flush its cache once you have the header...
My server is actually running nginx as well. If your MaxCDN is feeding off your nginx server, you can just add this section to the nginx config for your domain (replace with your home domain of course):
location /js/ {
add_header Access-Control-Allow-Origin https://www.team9000.net/;
add_header...
First, you need to configure your CDN to pass the appropriate cors headers with all javascript requests. I believe MaxCDN actually repeats all headers passed to it from the origin server, so you will have to configure your local server to feed this header along with all the javascript files in...
I'm not sure if this "bug" really needs fixed. For those of us using static domains, we should probably just be expected to take these few additional steps to set it up correctly. (Although I'm not really sure how it ever worked before >_>)
Did the dynamic javascript loading code change in beta 4? I host my js and data folders on a separate domain, and since the beta4 update, any javascript files loaded dynamically (after the page has loaded) are complaining about the domain not being passed back in the Access-Control-Allow-Origin...