tags:

views:

640

answers:

3
+1  Q: 

Problem of import js file in https page in IE8

It seems that in IE8, if the page using https protocol needs to import a .js file, the .js file also needs to use the https protocol.

<script type="text/javscript" src="http://xxx/yourjs.js"&gt;&lt;/script&gt;

works in all browsers except IE8

<script type="text/javscript" src="https://xxx/yourjs.js"&gt;&lt;/script&gt;

works in all browsers

I am using a usercontrol which imports several .js files. This means that if one page uses https protocol, then I have to alter the usercontrol so that all imported .js files are using https protocol.

How do you resolve this issue?
How do you comment on this IE8 behavior?

+2  A: 

Using this on HTTPS

<script type="text/javscript" src="http://xxx/yourjs.js"&gt;&lt;/script&gt;

should throw up a warning to the user in all browsers - I'd expect IE8 to do the same but maybe it's a new "feature" to silently ignore it.

You should use the same protocol that the request is on, or failing that always HTTPS (though this will be slower for the user and put more load on your server).

You could specify the URL without the scheme - that should use the current one (http or https):

<script type="text/javscript" src="//xxx/yourjs.js"></script>

Edit: Found the reference saying this is valid: RFC 2396

 relativeURI   = ( net_path | abs_path | rel_path ) [ "?" query ]

A relative reference beginning with two slash characters is termed a
network-path reference, as defined by in Section 3. Such
references are rarely used.

Greg  2009-04-22 11:03:19
Using "/xxx/yourjs.js" as the src attribute will definitely work.
Benedikt Eger  2009-04-22 11:12:49
@Benedikt That's definitely the best option if your js file is on the same domain as your page.
Greg  2009-04-22 12:19:51
@Greg your answer fixed my problem!! Thanks a lot
dkris  2010-05-31 11:30:48
@Billy and Greg: note that the MIME-type should read `text/javascript`.
Marcel Korpel  2010-05-31 14:31:17
A: 

Are you sure this isn't related to the use mixed content security setting?

It might be worth checking your browser settings, to see what the zone you're running in is set to.

To be honest though, I like the websites I go to, to be consistent, so I would like your javascript files to be retrieved via https.

Bravax  2009-04-22 11:03:39
+1  A: 

This is correct behaviour. You don't want non-secure resources to be a part of your secure page. In previous versions of IE a warning was displayed, but I guess the feeling is that too many people just said "go ahead" without knowing what the implications were. The error is now silent. You can adjust your security settings, but that will only fix your browser (and as I mentioned, it's not a good idea).

Make sure your page resources are all secure on your secure pages. (Images, Iframe sources, scripts... the lot!)

Sohnee  2009-04-22 11:39:14

related questions

What JavaScript patterns do you use most?
Javascript events
What style do you use for creating an "class" in JavaScript?
Graphing JavaScript Library
What's the difference in closure style
Getting the text from a drop-down box
How to specify javascript to run when ModalPopupExtender is shown
Length of Javascript Associative Array
How Do I Post and then redirect to an external URL from ASP.Net?
How to set up a CSS switcher in ASP.NET
Wrapping lists into columns
Javascript keyboard events primer? (or rather: help me with my custom dropdown)
Http Auth in a Firefox 3 bookmarklet
Best Debugging Tools for JavaScript/xulrunner Development
How can I turn a string of HTML into a DOM object in a Firefox extension?
Call ASP.NET Function From Javascript?
Javascript troubleshooting tools in IE
MAC addresses in JavaScript
Capturing TAB key in text box
CSS Background Color in Javascript
How can I make the browser see CSS and Javascript changes?
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP .Net Custom Client-Side Validation
What JavaScript library would you choose for a new project and why?
Detecting font in JavaScript