
HTTPS & HTTP ExpressionEngine Site URL Tag

I have found out today that if you visit an EE site that uses the {site_url} tag in the path of the CSS link in the document head, the site cannot load the CSS file if you type in https rather than http.

I have got round this by using an .htaccess file to force onto http, but I just wondered if there was a setting within EE that you can change to make both work?

This only happened on Chrome and IE; I am guessing it depends on what your browser is set up to allow security-wise.

Gareth asked Nov 02 '12 15:11



2 Answers

I got some great help on this problem previously. I hope it's useful to you now, too.

Scott Hepler answered Feb 09 '23 01:02


Few people know that you can use protocol-relative URLs for assets.

Example:

<link rel="stylesheet" href="//www.site.com/site.css">
<script type="text/javascript" src="//www.site.com/site.js"></script>

If the browser is viewing a page in SSL through HTTPS, then it'll request that asset with the HTTPS protocol; otherwise it'll request it with HTTP.

This prevents that awful "This Page Contains Both Secure and Non-Secure Items" error message in IE, keeping all your asset requests within the same protocol.

More info from here:

A relative URL without a scheme (http: or https:) is valid, per RFC 3986: Section 4.2. If a client chokes on it, then it's the client's fault because they're not complying with the URI syntax specified in the RFC.

Your example is valid and should work. I've used that relative URL method myself on heavily trafficked sites and have had zero complaints. Also, we test our sites in Firefox, Safari, IE6, IE7 and Opera. These browsers all understand that URL format.

Victor Gutierrez answered Feb 09 '23 01:02
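
An added example, not part of either answer: a small Python check that resolves each asset reference in a page against the URL it is served from (RFC 3986 reference resolution, as the answer above describes) and reports the ones a browser would treat as mixed content on an HTTPS page. The sample markup is constructed, and it assumes {site_url} is configured with an http:// address, which is what produces the first link.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch a subresource.
ASSET_ATTRS = {"link": "href", "script": "src", "img": "src", "iframe": "src"}


class AssetCollector(HTMLParser):
    """Collects (tag, raw_reference) for every subresource in a page."""

    def __init__(self):
        super().__init__()
        self.assets = []

    def handle_starttag(self, tag, attrs):
        wanted = ASSET_ATTRS.get(tag)
        attrs = dict(attrs)
        # <link> also covers rel="canonical" etc.; only stylesheets count here.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        if wanted and attrs.get(wanted):
            self.assets.append((tag, attrs[wanted]))


def mixed_content(html, page_url):
    """Return assets that resolve to http:// when the page itself is https://."""
    if urlsplit(page_url).scheme != "https":
        return []  # a page served over http has no mixed content
    collector = AssetCollector()
    collector.feed(html)
    findings = []
    for tag, ref in collector.assets:
        resolved = urljoin(page_url, ref)  # "//host/path" inherits the page scheme
        if urlsplit(resolved).scheme == "http":
            findings.append((tag, ref, resolved))
    return findings


# Constructed sample; the first link is the assumed output of an http:// {site_url}.
SAMPLE = """
<head>
<link rel="stylesheet" href="http://www.site.com/site.css">
<link rel="stylesheet" href="//www.site.com/print.css">
<script type="text/javascript" src="//www.site.com/site.js"></script>
<script src="/js/local.js"></script>
</head>
"""

if __name__ == "__main__":
    for url in ("http://www.site.com/", "https://www.site.com/"):
        print(url, mixed_content(SAMPLE, url))
```

Only the hard-coded http:// stylesheet is reported for the HTTPS page; the protocol-relative and path-relative references follow the page's scheme.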