Is it "safe" to use schemeless protocol URIs on public websites? Ex. //www.example.com/dir/file [duplicate]

Question

In HTML when referencing images, css, javascript, etc... I sometimes use links without the http or https scheme portion, à la. <img src="//www.example.com/dir/file.gif" alt="" /> and I haven't had any browsers choke on it yet (that I know of). I've seen a few other public sites use it as well, but not many.

I even reference the Google jQuery CDN with this syntax on an e-commerce site:

<script src="//ajax.googleapis.com/ajax/.." type="text/javascript"></script>

Obviously, I only do this when I know the server has both http and https capabilities. (Usually my own sites)

So my question is what harm can this cause? What are the pitfalls or downsides?

Answer 1

A recent blog answered my question and sent me off to a couple places to learn more.

• IE 7/8 double downloads stylesheets
• The RFC describing "network path reference"

The answer is most definitely yes as long as you are aware of two things:

1. The server with your content needs to be accessible with and without SSL (should be obvious)
2. IE 7/8 will request stylesheets twice so you might want to avoid using the technique for stylesheets

Answer 2

It will not harm anyway. Actually, if you write src="http://ajax.googleapis.com/ajax/.. and your user will browse site over HTTPS then browser will warn user that parts of the site uses HTTP. It is better to use // notation for such cases.