I have an application running on server A (https://a.com.br) that has a html page that access a javascript file that is in B (https://b.com.br) server. In which of the servers I have to enable CORS (Access-Control-Allow-Origin) to avoid the need to install the certificate in browsers?
Asked
Active
Viewed 1,385 times
0
-
Certificate? What does that have to Cross-Origin-Access? What is the problem that you're trying to solve? – Bergi Mar 28 '14 at 13:48
-
"A javascript file", as in *a script*, does not need CORS at all. – Bergi Mar 28 '14 at 13:48
-
I get the message: GET https://b.com.br/js/x.js net::ERR_INSECURE_RESPONSE – Luciano Borges Mar 28 '14 at 13:54
-
Look that I'm running my application under SSL – Luciano Borges Mar 28 '14 at 13:55
-
In what browser? But yes, cors is the wrong tool for this problem. – Bergi Mar 28 '14 at 13:55
-
Chrome. How to solve it? – Luciano Borges Mar 28 '14 at 13:56
-
possible duplicate of [Console errors. Failed to load resource: net::ERR\_INSECURE\_RESPONSE](http://stackoverflow.com/questions/22083453/console-errors-failed-to-load-resource-neterr-insecure-response) – Bergi Mar 28 '14 at 13:59