Hello fellow front-end web h4X0|2s,
I was wondering if anyone had any resources, proof, or personal experience in using the age-old http/https JavaScript hack:
<script src="//someserver.com/js/script.js"></script>
Has anyone encountered issues in any of these browsers (IE 5.5+, FF2+, Chrome, Opera 9+, Safari 3+)? Has anybody had success stories?
Thank you for your help.
All modern browsers will understand that format, including IE 6. (Not sure about IE 5.5).
Actually, this is not a hack, but a perfectly valid URI syntax as per RFC 3986: Section 4.2. Therefore, I say you're good to go.
I can point you to exactly what you are looking for. It is an RFC document so you have to sift through a lot of noise to get to what you want but this is a legit feature (not a hack) of supposed http clients.
b) If the embedded URL starts with a scheme name, it is
interpreted as an absolute URL and we are done.
c) Otherwise, the embedded URL inherits the scheme of
the base URL.
Read more: http://www.faqs.org/rfcs/rfc1808.html (search for the heading "Resolving Relative URLs" and see steps 1 and 2 below) or here: http://freesoft.org/CIE/RFC/1808/18.htm
As an FYI, I use this in pretty much all of my production projects -- not just for JS resources, but for links to other resources such as images and CSS. Works pretty much everywhere. I've tried this in IE, FF, Opera, Chrome, Safari/Webkit all going back multiple previous versions (where applicable).
Examples:
If find this method to be cleaner than writing code to figure out if we are on http/https.
I have been using this schema since I asked this question and I haven't had any problems. I've seen it work in every browser, including IE5.5. (Most of the stuff I work on requires JavaScript and some of the JS is included with this method.)
I think perhaps the reason people get confused about this is that Google Analytics' standard code inclusion does some complicated stuff with the hostname based on the protocol. However I suspect this is due to the fact that their SSL hostname is different to the non-SSL hostname, for some network reason I imagine.