Protocol-Less URLs?

Ok, I happened upon this recently, and it sort of blew my mind.  Section 4.2 of RFC 3986 provides for fully qualified URLs that omit protocol (the HTTP or HTTPS) altogether. When a URL’s protocol is omitted, the browser defaults to the underlying document’s protocol.  “Put simply, these “protocol-less” URLs allow a reference like this to work in every browser you’ll try it in:

//ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js

I have personally wondered of something like this for a long time.  “How do I include links to content I want to load without the secure/insecure message (assuming all content is available securely)?” I would ponder.  “the “protocol-less” URL is the best way to reference third party content that’s available via both HTTP and HTTPS.  On a page loaded through regular, unencrypted HTTP, script references using that URL will be loaded via HTTP and be cached as normal. Likewise, on a secure page that was loaded via HTTPS, script references targeting that protocol-less URL will automatically load the script from Google’s CDN via HTTPS and avoid the mixed content warning.  Thus, using the protocol-less URL allows a single script reference to adapt itself to what’s most optimal: HTTP and it’s full caching support on HTTP pages, and HTTPS on secured pages so that your users aren’t confronted with a mixed content warning.”  Originally found here: http://encosia.com/cripple-the-google-cdns-caching-with-a-single-character/.

 

It still amazes me that this is not well known to the hosting industry.  It does however make the usage of CDN with mixed (HTTP/HTTPS) content much easier to utilize, which is also how I last saw this in practice, just days after seeing it was a possibility.


Posted

in

by

Tags: