When referring to a resource (js, css or other), let's use protocol-relative links. Don't include the "http:" or "https:". That way we can build pages that work for either HTTP or HTTPS without introducing a mixed content vulnerability.

For example, this line:

<script src="http://www.jmu.edu/web_ssi/jquery/1.6/min.js" type="text/javascript"></script>

Should be written like this:

<script src="//www.jmu.edu/web_ssi/jquery/1.6/min.js" type="text/javascript"></script>

Or if the resource is in Cascade, like this:

<script src="/web_ssi/jquery/1.6/min.js" type="text/javascript"></script>

http://blogs.msdn.com/b/ieinternals/archive/2009/06/22/https-mixed-content-in-ie8.aspx

Back to Top