Can I host my API in Heroku, and access it from GitHub Pages?

Question

I seem to be hitting a lot of walls due to the safety precautions taken by browsers to avoid XSS attacks.

Basically I have some exposed api on Heroku, ie: myapi.herokuapp.com/get/stories but when trying to make such requests from a plain Client.html file on my Desktop, say via XMLHttpRequest or WebSocket , I get NS_ERROR_DOM_BAD_URI or variants thereof.

Am I trying to do something nonsensical?

Answer 1

Nope, it's not nonsensical. You should be able to access it just fine if you have the API and client configured for such requests. For reference, here are some of my (working) settings, with my API hosted on Heroku and accessible from localhost

API (backend)

server.connection {
  port: process.env.PORT
  routes:
    cors:
      origin: ['*']
      credentials: true
      additionalHeaders: ['X-Requested-With']
}

Angular (frontend)

angular.module('app.core').config ($locationProvider, $stateProvider, $urlRouterProvider, $httpProvider, $cookiesProvider) ->
  $locationProvider.html5Mode true

  ## Configure CORS
  $httpProvider.defaults.useXDomain = true
  $httpProvider.defaults.withCredentials = true
  delete $httpProvider.defaults.headers.common["X-Requested-With"]
  $httpProvider.defaults.headers.common["Accept"] = "application/json"
  $httpProvider.defaults.headers.common["Content-Type"] = "application/json"
  # $httpProvider.defaults.headers.common["X-Requested-With"] = "XMLHttpRequest"