How to Include CSS and JS files via HTTPS when needed?

JavascriptHtmlCssHttps

Javascript Problem Overview

I am adding an external CSS file and an external JS file to my headers and footers. When loading an HTTPS page, some browsers complain that I am loading unsecured content.

Is there an easy way to make the browser load the external content via HTTPS when the page itself is HTTPS?

Javascript Solutions

Solution 1 - Javascript

Use protocol-relative paths.

Thus not

<link rel="stylesheet" href="http://example.com/style.css">
<script src="http://example.com/script.js"></script>

but so

<link rel="stylesheet" href="//example.com/style.css">
<script src="//example.com/script.js"></script>

then it will use the protocol of the parent page.

Solution 2 - Javascript

nute & James Westgate are right when comenting on the later answer.

If we take a look at miscelanous industry-grade external javascript includes, the successfull ones use both document.location.protocol sniffing and script element injection tu use the proper protocol.

So you could use something like :

<script type="text/javascript">
  var protocol = (
      ("https:" == document.location.protocol) 
      ? "https" 
      : "http"
  );
  document.write(
      unescape(
          "%3Cscript"
              + " src='"
                  + protocol 
                  + "://"
                  + "your.domain.tld"
                  + "/your/script.js"
              + "'"
              + " type='text/javascript'
          + "%3E"
          + "%3C/script%3E"
      ) // this HAS to be escaped, otherwise it would 
        // close the actual (not injected) <script> element
  );
</script>

The same can be done for external CSS includes.

And by the way: be careful to only use relative url() path in your CSS, if any, otherwise you might still get the "mixed secure and unsecure" warning....

Solution 3 - Javascript

If you use relative paths ( and the content is on the same domain) then the content should use whichever protocol the page was requested in.

However if you are going across domain to a CDN or resource site, or if you need to use absolute paths, then you will need to use server side script to change the links, or always use https://

Solution 4 - Javascript

In contradiction to the escaped response (which will also work) you could skip that part and use the correct way to add nodes to your dom tree:

<script type="text/javascript" language="javascript">
    var fileref=document.createElement('script');
    fileref.setAttribute("type","text/javascript");
    fileref.setAttribute("src", document.location.protocol + '//www.mydomain.com/script.js');
    document.getElementsByTagName("head")[0].appendChild(fileref);
</script>

But the protocol-relative path would be the way to go.

Categories
Recommended Javascript Solutions
Recommended Html Solutions
Recommended Css Solutions
Recommended Https Solutions

Previous Solution:

How to use Git on Android?

AndroidGitSynchronization

Next Solution:

How to find column names for all tables in all databases in SQL Server

SqlSql ServerTsqlDatabase Schema

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionNathan HView Question on Stackoverflow
Solution 1 - JavascriptBalusCView Answer on Stackoverflow
Solution 2 - JavascriptAlain BECKERView Answer on Stackoverflow
Solution 3 - JavascriptJames WestgateView Answer on Stackoverflow
Solution 4 - JavascriptgkempkensView Answer on Stackoverflow