apache
Optionally serve over HTTPS
Feature Request
Motivation Behind Feature
In some development environments, an API is served over SSL via the protocol https. Communicating with that API from a Cordova browser instance on a developer's machine is very efficient work flow. However, modern browsers disallow cross-origin communications between insecure and secured servers. In this case, the secured server is the API, and the insecure server is the current cordova-browser instance served with Node's http module. This is because it is always served without SSL.
Feature Description
The parent issue is in the cordova-browser repo with a full description, partially reproduced in this ticket: https://github.com/apache/cordova-browser/issues/122
Alternatives or Workarounds
Exposing the API over non-secure http is an alternative. In my context, this was rejected strongly for security reasons, especially relating to corporate security accountability programs.
The second is that a developer independently hacks their local cordova installation to enable https. This is suboptimal since upgrading becomes a hassle, requiring careful VCS audits to restore erased, custom code.
