I have two sites : https//:www.domain-only-uses-https.com and www.domain-uses-both-http-and-https.com
Now I am making 2 ajax GET requests in the page of the former to the later, one is
https://www.domain-uses-both-http-and-https.com/some-path (using the HTTPS scheme)
and the other one is
http://www.domain-uses-both-http-and-https.com/some-other-path (using the HTTP scheme)
And I DID set the "https//:www.domain-only-uses-https.com" as the value of "Access-Control-Allow-Origin:" header in the server "www.domain-uses-both-http-and-https.com ".
But now it seems that only request 1 is allowed by Chrome ,but request 2 is forbidden.
So my question is : does the "Access-Control-Allow-Origin" header differentiate between HTTP AND HTTPS? Hope I've made myself clear..