Default to https for the CORS API.

Heroku uses Strict Transport Security (HSTS), which forces that all
requests to *.herokuapp.com must use HSTS. However. Chrome cannot read
the CORS response after a HSTS redirect due to https://crbug.com/387198.

Since the request is going to be redirected to https anyway, the demo
and the documentation will use https by default.

README.md

@@ -53,7 +53,7 @@ If you want to automatically enable cross-domain requests when needed, use the f
 ```javascript
 (function() {
     var cors_api_host = 'cors-anywhere.herokuapp.com';
-    var cors_api_url = (window.location.protocol === 'http:' ? 'http://' : 'https://') + cors_api_host + '/';
+    var cors_api_url = 'https://' + cors_api_host + '/';
     var slice = [].slice;
     var origin = window.location.protocol + '//' + window.location.host;
     var open = XMLHttpRequest.prototype.open;
@@ -74,8 +74,7 @@ If you're using jQuery, you can also use the following code **instead of** the p
 ```javascript
 jQuery.ajaxPrefilter(function(options) {
     if (options.crossDomain && jQuery.support.cors) {
-      options.url = (window.location.protocol === 'http:' ? 'http:' : 'https:') +
+        options.url = 'https://cors-anywhere.herokuapp.com/' + options.url;
-                    '//cors-anywhere.herokuapp.com/' + options.url;
     }
 });
 ```

demo.html

@@ -64,8 +64,7 @@ textarea {
 </div>
 
 <script>
-  var protocol = location.protocol === 'http:' ? 'http:' : 'https:';
+  var cors_api_url = 'https://cors-anywhere.herokuapp.com/';
-  var cors_api_url = protocol + '//cors-anywhere.herokuapp.com/';
   function doCORSRequest(options, printResult) {
     var x = new XMLHttpRequest();
     x.open(options.method, cors_api_url + options.url);