Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why use protocol-relative URLs at all?

It's been an oft-discussed question on StackOverflow what this means:

 <script src="//cdn.example.com/somewhere/something.js"></script> 

This gives the advantage that if you're accessing it over HTTPS, you get HTTPS automatically, instead of that scary "Insecure elements on this page" warning.

But why use protocol-relative URLs at all? Why not simply use HTTPS always in CDN URLs? After all, an HTTP page has no reason to complain if you decide to load some parts of it over HTTPS.

(This is more specifically for CDNs; almost all CDNs have HTTPS capability. Whereas, your own server may not necessarily have HTTPS.)

like image 292
oink Avatar asked Feb 11 '15 03:02

oink


People also ask

Why is it always best to use relative URLs?

The relative format allows the same website to exist on staging and production domain, or the live accessible version of your website, without having to go back in and re-code all of the URLs. This not only makes coding easier for a web developer but also serves as a time saver.

What is protocol-relative URLs?

Definition. A protocol-relative URL (PRURL) is the method for linking to a website that offers both HTTP and HTTPS, while HTTPS links should be used for HTTPS-only websites and HTTP links should be used for sites that don't support HTTPS at all.

What problems can there be with use of relative URLs?

When you have a menu structure that relies on relative URLs, one wrong link in your content to your test environment would cause the entire test environment to be spidered and indexed, causing massive duplicate content issues.

Should I use relative or absolute links?

A relative URL is useful within a site to transfer a user from point to point within the same domain. Absolute links are good when you want to send the user to a page that is outside of your server.


2 Answers

As of December 2014, Paul Irish's blog on protocol-relative URLs says:

2014.12.17: Now that SSL is encouraged for everyone and doesn’t have performance concerns, this technique is now an anti-pattern. If the asset you need is available on SSL, then always use the https:// asset.

Unless you have specific performance concerns (such as the slow mobile network mentioned in Zakjan's answer) you should use https:// to protect your users.

like image 107
Joe Avatar answered Oct 17 '22 08:10

Joe


Because of performance. Establishing of HTTPS connection takes much longer time than HTTP, TLS handshake adds latency delay up to 2 RTTs. You can notice it on mobile networks. So it is better not to use HTTPS asset URLs, if you don't need it.

like image 34
zakjan Avatar answered Oct 17 '22 07:10

zakjan