When referring to a resource (js, css or other), let's use protocol-relative links. Don't include the "http:" or "https:". That way we can build pages that work for either HTTP or HTTPS without introducing a mixed content vulnerability.

For example, this line:

<script src="http://www.jmu.edu/web_ssi/jquery/1.6/min.js" type="text/javascript"></script>

Should be written like this:

<script src="//www.jmu.edu/web_ssi/jquery/1.6/min.js" type="text/javascript"></script>


Or if the resource is in Cascade, like this:

<script src="/web_ssi/jquery/1.6/min.js" type="text/javascript"></script>


Here is a blog article explaining mixed content in ie8.


Back to Top