Is it valid to replace http with in a script src http

Question

I have the following element    lt script type  text javascript  src  https   cdn example com js file js  gt  lt  script gt    In this case the site is HTTPS  but the site may also be just HTTP   The JS file is on another domain   I m wondering if it s valid to do the following for convenience sake    lt script type  text javascript  src    cdn example com js file js  gt  lt  script gt    I m wondering if it s valid to remove the http  or https    It seems to work everywhere I have tested  but are there any cases where it doesn t work

User · Answer

It is perfectly valid to leave off the protocol   The URL spec has been very clear about this for years  and I ve yet to find a browser that doesn t understand it   I don t know why this technique isn t better known  it s the perfect solution to the thorny problem of crossing HTTP HTTPS boundaries   More here  Http-https transitions and relative URLs

User · Answer

We are seeing 404 errors in our logs when using   somedomain com as references to JS files     The references that cause the 404s come out looking like this  ref    lt script src    somedomain com somescript js    gt    404 request   http   mydomain com  somedomain com somescript js   With these showing up regularly in our web server logs  it is safe to say that  All browsers and Bots DO NOT honor RFC 3986 section 4 2  The safest bet is to include the protocol whenever possible

User · Answer

The pattern I see on html5-boilerplate is    lt script src    ajax googleapis com ajax libs jquery 1 10 2 jquery min js  gt  lt  script gt   lt script gt window jQuery    document write   lt script src  js vendor jquery-1 10 2 min js  gt  lt   script gt    lt  script gt    It runs smoothly on different schemes like http  https  file

User · Answer

It is indeed correct  as other answers have stated  You should note though  that some web crawlers will set off 404s for these by requesting them on your server as if a local URL   They disregard the double slash and treat it as a single slash    You may want to set up a rule on your webserver to catch these and redirect them   For example  with Nginx  you d add something like   location        lt redirect domain gt     a-z   0-9   -         a-z        lt redirect path gt         return 301  scheme   redirect domain  redirect path      Do note though  that if you use periods in your URIs  you ll need to increase the specificity or it will end up redirecting those pages to nonexistent domains   Also  this is a rather massive regex to be running for each query -- in my opinion  it s worth punishing non-compliant browsers with 404s over a  slight  performance hit on the majority of compliant browsers

User · Answer

are there any cases where it doesn t work    If the parent page was loaded from file     then it probably does not work  it will try to get file   cdn example com js file js  which of course you could provide locally as well

User · Answer

As your example is linking to an external domain  if you are using HTTPS then you should verify that the external domain is setup for SSL as well  Otherwise  your users may see SSL errors and or 404 errors  e g  older versions of Plesk store HTTP and HTTPS in separate folders   For CDNs  it shouldn t be an issue but for any other website it could be   On a side note  tested while updated an old website and also works in the url  part of a META REFRESH

User · Answer

Many people call this a Protocol Relative URL   It causes a double-download of CSS files in IE 7  amp  8

User · Answer

Yes  this is documented in RFC 3986  section 5 2    edit  Oops  my RFC reference was outdated

User · Answer

are there any cases where it doesn t work    Just to throw this in the mix  if you are developing on a local server  it might not work  You need to specify a scheme  otherwise the browser may assume that src    cdn example com js file js  is src  file   cdn example com js file js   which will break since you re not hosting this resource locally   Microsoft Internet Explorer seem to be particularly sensitive to this  see this question  Not able to load jQuery in Internet Explorer on localhost  WAMP   You would probably always try to find a solution that works on all your environments with the least amount of modifications needed   The solution used by HTML5Boilerplate is to have a fallback when the resource is not loaded correctly  but that only works if you incorporate a check    lt script src    ajax googleapis com ajax libs jquery 1 10 2 jquery min js  gt  lt  script gt   lt  -- If jQuery is not defined  something went wrong and we ll load the local file -- gt   lt script gt window jQuery    document write   lt script src  js vendor jquery-1 10 2 min js  gt  lt   script gt    lt  script gt    UPDATE  HTML5Boilerplate now uses  lt script src  https   ajax googleapis com ajax libs jquery 1 10 2 jquery min js after deciding to deprecate protocol relative URLs  see  here  3

User · Answer

1  Summary  Answer for 2019  you can still use protocol-relative URLs  but this technique an anti-pattern   Also    You may have problems in developing  Some third-party tools may not support them    Migrating from protocol-relative URLs to https    it would be nice     2  Relevance  This answer is relevant for January 2019  In the future  the data of this answer may be obsolete     3  Anti-pattern  3 1  Argumentation  Paul Irish     front-end engineer and a developer advocate for the Google Chrome     write in 2014  December      Now that SSL is encouraged for everyone and doesn   t have performance concerns  this technique is now an anti-pattern  If the asset you need is available on SSL  then always use the https    asset       Allowing the snippet to request over HTTP opens the door for attacks like the recent GitHub Man-on-the-side attack  It   s always safe to request HTTPS assets even if your site is on HTTP  however the reverse is not true    3 2  Another links   Loads page resources using protocol relative URIs Stop using protocol-relative URLs   3 3  Examples   In 2017 Stack Overflow switched from protocol-relative URLs to https In 2018 Chrome will flag all unencrypted websites as    not secure        4  Developing process  For example  I try to use clean-console    Example file KiraCleanConsole  cdn links demo html     lt  DOCTYPE html gt   lt html lang  en  gt   lt head gt       lt meta charset  UTF-8  gt       lt title gt clean-console without protocol demonstration lt  title gt       lt  -- Really dead link -- gt       lt script src  https   unpkg com bowser latest bowser min js  gt  lt  script gt       lt  -- Package exists  link without    https     -- gt       lt script src    cdn jsdelivr net npm jquery 3 3 1 dist jquery min js  gt  lt  script gt       lt  -- Package exists  link with    https     -- gt       lt script src  https   cdn jsdelivr net npm gemini-scrollbar index js  gt  lt  script gt   lt  head gt   lt body gt      Kira Goddess   lt  body gt   lt  html gt     output    D  SashaDebugging gt clean-console -i KiraCleanConsole  cdn links demo html checking KiraCleanConsole  cdn links demo html phantomjs  opening page KiraCleanConsole  cdn links demo html  phantomjs  Unable to load resource   3URL file   cdn jsdelivr net npm jquery 3 3 1 dist jquery min js    phantomjs    phantomjs   code runner js 30 in onResourceError Error code  203  Description  Error opening   cdn jsdelivr net npm jquery 3 3 1 dist jquery min js  The network path was not found     phantomjs   code runner js 31 in onResourceError  phantomjs  Unable to load resource   5URL https   unpkg com bowser 2 1 0 bowser min js    phantomjs    phantomjs   code runner js 30 in onResourceError Error code  203  Description  Error downloading https   unpkg com bowser 2 1 0 bowser min js - server replied  Not Found    phantomjs   code runner js 31 in onResourceError  phantomjs  Checking errors after sleeping for 1000ms 2 error s  on KiraCleanConsole  cdn links demo html  phantomjs process exited with code 2   Link   cdn jsdelivr net npm jquery 3 3 1 dist jquery min js is valid  but I getting an error   Pay attention to file   cdn jsdelivr net npm jquery 3 3 1 dist jquery min js and read Thilo and bg17aw answers about file      I didn t know about this behavior and couldn t understand why I have problems like this for pageres     5  Third-party tools  I use Clickable URLs Sublime Text package  Use it  I can simply open links from my text editor in browser     Both links in example are valid  But first link I can successfully open in browser use Clickable URLs  second link     no  This may not be very convenient     6  Conclusion  Yes    If you have problems as in Developing process item  you can set your development workflow  Else you have problems as in Third-party tools item  you can contribute tools    But you don t need this additional problems  Read information by links in Anti-pattern item  protocol-relative URLs is obsolete

User · Answer

A relative URL without a scheme  http  or https   is valid  per RFC 3986   Uniform Resource Identifier  URI   Generic Syntax   Section 4 2   If a client chokes on it  then it s the client s fault because they re not complying with the URI syntax specified in the RFC   Your example is valid and should work   I ve used that relative URL method myself on heavily trafficked sites and have had zero complaints   Also  we test our sites in Firefox  Safari  IE6  IE7 and Opera   These browsers all understand that URL format

User · Answer

Following the gnud s reference  the RFC 3986 section 5 2 says      If the scheme component is defined  indicating that the reference   starts with a scheme name  then the reference is interpreted as an   absolute URI and we are done  Otherwise  the reference URI s scheme   is inherited from the base URI s scheme component    So    is correct  -

User · Answer

Here I duplicate the answer in Hidden features of HTML      Using a protocol-independent absolute   path    lt img src    domain com img logo png   gt        If the browser is viewing an page in   SSL through HTTPS  then it ll request   that asset with the https protocol    otherwise it ll request it with HTTP       This prevents that awful  This Page   Contains Both Secure and Non-Secure   Items  error message in IE  keeping   all your asset requests within the   same protocol       Caveat  When used on a  lt link gt  or    import for a stylesheet  IE7 and IE8   download the file twice  All other   uses  however  are just fine

User · Answer

It is guaranteed to work in any mainstream browser  I m not taking browsers with less than 0 05  market share into consideration   Heck  it works in Internet Explorer 3 0   RFC 3986 defines a URI as composed of the following parts        foo   example com 8042 over there name ferret nose                                                                                                                   scheme     authority       path        query   fragment   When defining relative URIs  Section 5 2   you can omit any of those sections  always starting from the left  In pseudo-code  it looks like this    result         if defined scheme  then      append scheme to result       append     to result    endif     if defined authority  then      append      to result       append authority to result    endif     append path to result     if defined query  then      append     to result       append query to result    endif     if defined fragment  then      append     to result       append fragment to result    endif     return result    The URI you are describing is a scheme-less relative URI

[html] Is it valid to replace http:// with // in a <script src="http://...">?

Examples related to html

Examples related to http

Examples related to https

Examples related to uri

Examples related to protocol-relative