{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 贪生不怕死 的问题《Is loading scripts or other resources via HTTPS on》','https://www.manongdao.com/q-668513.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm aware of protocol-relative URLs, which are usually the right solution for serving scripts or other resources on pages that may be loaded using HTTP or HTTPS.
However, I have a script that I would like to always serve via HTTPS, even when the page it's being loaded onto is served via HTTP. Leaving the obvious potential security issues around mixing HTTP and HTTPS content aside (namely, that a MITM attack on some script served via HTTP could theoretically be used to inject exploit code used to read stuff from the script served via HTTPS), is this a bad idea for any other reason? For example, will this cause mixed content warnings in any old versions of IE?
Nope! At least, not on any browsers that remain in popular use.
Paul Irish (one of the developers of Google Chrome and modestly notable programming blogger and open-source contributor) has this advice to give in a 2014 update to his 2010 blog post, The Protocol-relative URL (emphasis from the original):
If Paul Irish says that requesting HTTPS assets on a HTTP page is fine, then that's good enough for me.