URI Protocol Detection Standard

Filed in Client Side , General , Server Side 0 comments

At least 15 times during my last 5 years as a Front End and Back End Developer, I must faced one of these issue tickets regarding to my beloved Internet Explorer (IE) and his strictness on delivering unsecured content (http requests) in a secure page (https) such as external javascript scripts, images, etc. Ohh! That beautiful alert message that I guess it has been the source of countless issue tickets in the past years.
IE Https Warning Nevertheless, each time a message box like this appears in a error report it means “Proxy Examination Time” and time to check every request begins. There are the easy ones and the hard ones from server side inclusions to client side usually found on JS code. Just a couple of weeks ago, just we have to include an external JS script file which was causing us a security warning in IE, at first sight we though of some server side code (APACHE Server Side Code) in order to detect the protocol under the web page is serving and we did it!… then some dynamic loading on the client side via AJAX trigger that gorgeous warning again… Examples of this are:


var anURL = "http://www.externaldomain.com/script.js";
if( location.protocol == "https"){
anURL = anURL.replace("http","https") ;

Apache Server Side Code

So, my Technical Leader Rodrigo Iloro (http://rodrigo.iloro.net) handed me an interesting paper on a URI from The Internet Engineering Task Force (IETF) (http://tools.ietf.org/html/rfc3986). Particularly, in the Section 4.2 it mentions the usage of just “//” instead of protocol indication “http:” or ”https:“ to let the browser decided which protocol use base on the actual page. As a result of this you could re-write above pieces of code this way:

<!--#if expr="$SERVER_PORT = 443" -->
<script src="https://www.externaldomain.com/script.js" type="text/javascript" >
<!--#else -->
<script src="http://www.externaldomain.com/script.js" type="text/javascript" >
<!--#endif -->


var anURL ="//www.externaldomain.com/script.js"

Apache Server Side Code

<script src="//www.externaldomain.com/script.js" type="text/javascript">

To sum up, better knowledge of URI Standards simplify, optimise, secure and reduce code and eliminate error prone images, CSS files, and JS script files requests.

Posted by legacy   @   28 February 2011 0 comments
Tags : , , , , ,

Share This Post

RSS Digg Twitter StumbleUpon Delicious Technorati


No comments yet. Be the first to leave a comment !
Leave a Comment

Previous Post
Next Post
PLD League