I was wondering if anyone had any resources, proof, or personal experience in using the age-old http/https JavaScript <script>
hack:
<script src="//someserver.com/js/script.js"></script>
Has anyone encountered issues in any of these browsers (IE 5.5+, FF2+, Chrome, Opera 9+, Safari 3+)? Has anybody had success stories?
All modern browsers will understand that format, including IE 6. (Not sure about IE 5.5).
Actually, this is not a hack, but a perfectly valid URI syntax as per RFC 3986: Section 4.2. Therefore, I say you're good to go.
I can point you to exactly what you are looking for. It is an RFC document so you have to sift through a lot of noise to get to what you want but this is a legit feature (not a hack) of supposed http clients.
b) If the embedded URL starts with a scheme name, it is
interpreted as an absolute URL and we are done.
c) Otherwise, the embedded URL inherits the scheme of
the base URL.
Read more: http://www.faqs.org/rfcs/rfc1808.html (search for the heading "Resolving Relative URLs" and see steps 1 and 2 below) or here: http://freesoft.org/CIE/RFC/1808/18.htm
As an FYI, I use this in pretty much all of my production projects -- not just for JS resources, but for links to other resources such as images and CSS (UPDATED: I no longer use this for linking stylesheets).
Works pretty much everywhere. I've tried this in IE, FF, Opera, Chrome, Safari/Webkit all going back multiple previous versions (where applicable).
Examples:
- < img src="//static.example.com/img/token.png" />
- < script type="text/javascript" src="//static.example.com/js/jquery.js">
I find this method to be cleaner than writing code to figure out if we are on http/https.
The only caveat is that you should not use this for stylesheets.
While the following is legal and works:
- < link rel="stylesheet" type="text/css" href="//static.example.com/css/screen.css" media="screen" />
In IE, the above will cause two HTTP requests. Currently, this affects IE7, IE8, and early versions of IE9.
In other words, scheme relative URIs should/can be used for all resources except stylesheets.
I have been using this schema since I asked this question and I haven't had any problems. I've seen it work in every browser, including IE5.5. (Most of the stuff I work on requires JavaScript and some of the JS is included with this method.)
I think perhaps the reason people get confused about this is that Google Analytics' standard code inclusion does some complicated stuff with the hostname based on the protocol. However I suspect this is due to the fact that their SSL hostname is different to the non-SSL hostname, for some network reason I imagine.