Solving Mixed-Content Warnings

-

Web applications can be written to work with HTTP as well as HTTPS schemes.

To do so, URLs to resources should be encoded as relative URLs.

For example, on a site (softwarehard.blogspot.com), all URLs to resources should be encoded as “/images/imageResource.jpg” or “images/imageResource.jpg” 
instead of “http://softwarehard.blogspot.com/images/imageResource.jpg”

Doing so will allow for the resource to be served in both HTTP and HTTPS schemes depending on the the page request.

However, if an external resource is required, the authority (domain name) needs to be included. The most portable way to include the external resource is to use a scheme-less URL.

For example: “//cdn.blogger.com/js/jquery.js”

Note that neither HTTP nor HTTPS have been specified and doing so will allow us to skirt the mixed-content issue.

This is valid under the URI RFC

However, the caveats are that:

  1. this works well in web browsers but will likely break in email clients!
  2. there is also a minor downside to using this in IE 7 & 8 for stylesheet in that the CSS resource will be downloaded twice (explained here)

Comments

Hridya Siva said…
Can you please explain how to include authority (domain name) in case of external resource
12/07/2012, 16:35
Johannes said…
Hi Siva,

As in the blog entry, if the authoritative domain name is cdn.blogger.com, the (schemeless) URL should then be "//cdn.blogger.com". Hope this helps!
24/07/2012, 00:09
Post a Comment

Popular posts from this blog

Understanding ITIL Service Management the UML way…

-
Image
I originally had a great deal of difficult reconciling the differences amongst ITIL Change Management, Incident Management, and Problem Management. Having researched on the subjects and understanding them better now, I’ve tried to put the concepts together using a UML class diagram to capture my understanding and to keep it imprinted. Similarly, I wanted to differentiate the various categories of changes (Standard, Emergency, Normal) using an easy to understand & self-explanatory manner – a UML Activity Diagram!
Read more

Apache Web Server Troubleshooting

-
How to troubleshoot Apache Web Server? A few standard commands to know by hard: To confirm the modules that are or will be loaded in Apache: apachectl –M [-f <conf filename>] To check the virtual host load pattern: apachectl –S [-f <conf filename>] To test a httpd.conf file: apachectl –t [-f <conf filename>] To maintain the http server: apachectl start|stop|restart To start with a specified configuration file: apachectl –f <conf filename> Create a minimalist httpd.conf. Something like: Listen 80 ServerName myserver.com:80 ServerAdmin admin@myserver.com #ServerRoot " . " ServerRoot " /usr/local/apache2 " User nobody Group nobody #DocumentRoot " ..\wwwroot " DocumentRoot " /home/data/html " ErrorLog " logs/basic_apache.log " LogLevel debug #LoadModule log_config_module modules/mod_log_config.dll LoadModule log_config_module modules/mod_log_config.so <IfModule log_config_module> LogFormat " %h %l
Read more