HTTPS and external (CDN) hosted files?

Question

I have a page that references a couple of externally hosted javascript files - namely, jQuery on Google and YUI using YUI Loader.

The trouble is when I access the page via HTTPS the browser complains of mixed insecure content, since the external javascript files are being accessed using http instead of https.

What's a good way to deal with this, accessing the external jQuery and YUI Loader objects with HTTPS?

Ken Redler · Accepted Answer · 2010-09-01T22:44:58.530

90

Assuming the CDN provider has an https version, you can use protocol-relative URLs.

For example, instead of:

http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js

...you can use:

//ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js

The browser will use the page's protocol to try to obtain the file. On non-secure pages, http. On secure pages, https.

Google also makes YUI Loader available through its CDN. So for YUI this works fine:

//ajax.googleapis.com/ajax/libs/yui/2.8.0/build/yuiloader/yuiloader-min.js

...in both http and https contexts.

edited Sep 01 '10 at 22:44

answered Sep 01 '10 at 22:39

Ken Redler

23,863
8
57
69

1

Nice, didn't realize you can leave off the protocol. Will give this a try. – Parand Sep 02 '10 at 06:47

score 7 · Answer 2 · answered Sep 01 '10 at 22:40

7

Google hosts them under https

https://ajax.googleapis.com/ajax/libs/yui/2.8.1/build/yuiloader/yuiloader-min.js

https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

answered Sep 01 '10 at 22:40

JeremyWeir

24,118
10
92
107

HTTPS and external (CDN) hosted files?

2 Answers2

Linked