61

Scheme relative URLs (network-path references) are something that I've just found out about - where you don't specify the scheme of a URL and it picks it up from the current context.

For example: <img src="//example.com/img.png" /> will resolve to https://example.com/img.png if the current scheme is HTTPS or http://example.com/img.png if it is not.

This seems like a very easy way to resolve those pesky problems of calling an external script or image on an SSL page without bringing up the dreaded error that some content on a page is not secure.

The benefit seems obvious, but what I don't seem to be able to find is a huge amount of information on this and was wondering if anyone had any experience or references about scheme relative URLs (good or bad)?

Whilst I'm trying to discover if there are any browsers that this causes issues with (I've been successful with IE6-8, Chrome and Firefox), I'm also interested to find out if anyone has any experience using this in different languages. For example, would it work if you were to issue a Response.Redirect with a scheme relative URL in ASP?

Stephen Ostermiller
  • 23,933
  • 14
  • 88
  • 109
Jonathon Bolster
  • 15,811
  • 3
  • 43
  • 46
  • 1
    possible duplicate of [Is it valid to replace http:// with // in a – outis Mar 10 '12 at 15:35

2 Answers2

58

//example.com/img.png is a perfectly valid URI syntax as per RFC 3986: Section 4.2.

It is relative to the current scheme, and therefore as you mentioned, it can be very useful when switching between HTTP and HTTPS, because you won't need to explicitly specify the scheme.

All modern browsers will understand that format, including IE 6.

Further reading on Stack Overflow:

Stephen Ostermiller
  • 23,933
  • 14
  • 88
  • 109
Daniel Vassallo
  • 337,827
  • 72
  • 505
  • 443
  • 5
    Such URLs are not new. They are part of the URL specification since 1995 (see [RFC 1808](http://tools.ietf.org/html/rfc1808)). – Gumbo Aug 27 '10 at 10:14
  • I would not necessarily trust any kind of client to parse these URLs correctly, but the major browsers definitely will. – Pekka Aug 27 '10 at 10:18
  • Is there any reason why Google would choose to do it the other way then? - http://code.google.com/apis/analytics/docs/tracking/gaTrackingOverview.html – Dan Atkinson Aug 27 '10 at 10:30
  • 4
    @Dan Atkinson: For Google Analytics it is probably much more important to be compatible with any obscure user agent out there, and probably they found that this is more reliable. However, I guess that in general, our web applications don't have to be compatible with browsers from the Netscape 2 era. – Daniel Vassallo Aug 27 '10 at 10:48
  • Thanks for the links and the RFC. I guess I couldn't find it because I'd looked at the older RFCs. I'd still be interested how the redirects would handle it, but I can investigate that a little bit myself later on. Thanks! :) – Jonathon Bolster Aug 27 '10 at 14:04
  • 6
    Here's a link explaining why Google doesn't use it for Google Analytics. In short, it causes problems for IE6 on Windows XP (but only because that browser does not support TLS SNI). http://paulirish.com/2010/the-protocol-relative-url/#comment-37852 – Sam Morris Mar 20 '12 at 14:34
9

If you want to support IE 7 and 8, you might want to consider that scheme relative URLs for stylesheets will cause them to be downloaded twice:

[...] if you try this in Internet Explorer 7 and 8 you’ll see that stylesheets specified with a protocol relative URL are downloaded twice.

Developers should avoid using protocol relative URLs for stylesheets if they want their pages to be as fast as possible in Internet Explorer 7 & 8.

Source: http://www.stevesouders.com/blog/2010/02/10/5a-missing-schema-double-download/

MPV
  • 1,644
  • 14
  • 15
  • 2
    +1 for the heads up. My reaction is *fine by me*. Sluggish IE will be yet more sluggish, making better browsers appear all the more better. –  Aug 17 '14 at 06:32