Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it "safe" to use schemeless protocol URIs on public websites? Ex. //www.example.com/dir/file [duplicate]

Tags:

In HTML when referencing images, css, javascript, etc... I sometimes use links without the http or https scheme portion, à la. <img src="//www.example.com/dir/file.gif" alt="" /> and I haven't had any browsers choke on it yet (that I know of). I've seen a few other public sites use it as well, but not many.

I even reference the Google jQuery CDN with this syntax on an e-commerce site:

<script src="//ajax.googleapis.com/ajax/.." type="text/javascript"></script>

Obviously, I only do this when I know the server has both http and https capabilities. (Usually my own sites)

So my question is what harm can this cause? What are the pitfalls or downsides?

like image 351
Aaron Wagner Avatar asked Feb 02 '10 00:02

Aaron Wagner


2 Answers

A recent blog answered my question and sent me off to a couple places to learn more.

  • IE 7/8 double downloads stylesheets
  • The RFC describing "network path reference"

The answer is most definitely yes as long as you are aware of two things:

  1. The server with your content needs to be accessible with and without SSL (should be obvious)
  2. IE 7/8 will request stylesheets twice so you might want to avoid using the technique for stylesheets
like image 184
Aaron Wagner Avatar answered Sep 21 '22 01:09

Aaron Wagner


It will not harm anyway. Actually, if you write src="http://ajax.googleapis.com/ajax/.. and your user will browse site over HTTPS then browser will warn user that parts of the site uses HTTP. It is better to use // notation for such cases.

like image 44
uthark Avatar answered Sep 21 '22 01:09

uthark