HTTP, HTTPS, and shared resources
written by Craig, 19 October 2007
If you’re building secure HTTPS web pages, you need to be careful not to reference HTTP resources. If you share resources across HTTP and HTTPS pages on the same server, it’s not a big problem because you can just use relative or absolute-path URLs, which inherit the protocol of the page, e.g.
/shared/mypic.jpg
../../shared/script/myscript.js
But what if you need to use resources on another web server (a real problem for mashups and remote scripting)? You cannot use this code on an HTTPS page, as the browser will show a mixed-content security message:
<img src="http://example.com/image.jpg" />
The answer is to leave the protocol off the URL, so the browser requests the resource using the same protocol as the current page, i.e.
<img src="//example.com/image.jpg" />
So simple, yet I’d not realised it was possible in all my years of web development. Many thanks to Ned Batchelder for the tip.
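As an added example (not code from the original post), the following JavaScript resolves the four URLs shown above the way a browser would, using the standard URL API, and flags any that an HTTPS page would fetch over plain HTTP. The page URL shop.example.org, the sample markup and the function names extractRefs and auditPage are assumptions made for illustration.

```javascript
// Added example: resolve resource references against a page URL and flag
// the ones that would be mixed content (HTTP resource on an HTTPS page).
// SAMPLE_HTML is constructed from the snippets in the post.
const SAMPLE_HTML = `
<img src="/shared/mypic.jpg" />
<script src="../../shared/script/myscript.js"></script>
<img src="http://example.com/image.jpg" />
<img src="//example.com/image.jpg" />
`;

// Pull src/href attribute values out of markup. A regex is enough for this
// sketch; a real audit should use an HTML parser.
function extractRefs(html) {
  const refs = [];
  const attr = /\b(?:src|href)\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
  let m;
  while ((m = attr.exec(html)) !== null) {
    refs.push(m[1] !== undefined ? m[1] : m[2]);
  }
  return refs;
}

// Resolve each reference against the page URL. Relative, absolute-path and
// protocol-relative ("//host/path") references all inherit the page scheme.
function auditPage(pageUrl, html) {
  const page = new URL(pageUrl);
  return extractRefs(html).map((ref) => {
    const resolved = new URL(ref, page);
    return {
      ref,
      resolved: resolved.href,
      mixed: page.protocol === "https:" && resolved.protocol === "http:",
    };
  });
}

// Hypothetical page URLs: the same markup served over HTTPS and over HTTP.
for (const pageUrl of ["https://shop.example.org/a/b/checkout.html",
                       "http://shop.example.org/a/b/checkout.html"]) {
  console.log(pageUrl);
  for (const r of auditPage(pageUrl, SAMPLE_HTML)) {
    console.log(`  ${r.mixed ? "MIXED" : "ok   "} ${r.ref} -> ${r.resolved}`);
  }
}
```

On the HTTPS page only the hard-coded http:// reference is flagged. The protocol-relative form resolves to https://example.com/image.jpg, so it only works if the remote server actually serves the resource over HTTPS.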