We'll need the web API to be available over HTTPS (with a browser-trusted cert) so that our HTTPS-only site seattleflu.org can make successful cross-origin requests for viz.
I ran into this last night while prototyping viz for https://seattleflu.org/current on a dev server that wasn't localhost. While the model web API allows cross-origin requests, the browser denies cross-origin requests of any kind from an HTTPS origin to an HTTP origin by preventing the CORS preflight request.¹
There is no rush on this, as our viz isn't ready to deploy to production yet and this issue doesn't block (most) dev. That said, getting that viz into production is a priority for the next couple weeks and HTTPS support for the model web API is a blocker to that.
¹ See the second "possible cause" on this doc page.
We'll need the web API to be available over HTTPS (with a browser-trusted cert) so that our HTTPS-only site seattleflu.org can make successful cross-origin requests for viz.
I ran into this last night while prototyping viz for https://seattleflu.org/current on a dev server that wasn't localhost. While the model web API allows cross-origin requests, the browser denies cross-origin requests of any kind from an HTTPS origin to an HTTP origin by preventing the CORS preflight request.¹
There is no rush on this, as our viz isn't ready to deploy to production yet and this issue doesn't block (most) dev. That said, getting that viz into production is a priority for the next couple weeks and HTTPS support for the model web API is a blocker to that.
¹ See the second "possible cause" on this doc page.