Reputation: 1570
http content within https page
In my website with SSL certified URL, I need to include http content for static contents - JS, CSS, Images etc.
E.g. the page at https://www.example.com will refer to http://subdomain.example.com/images/a.jpg.
Is there a way to include HTTP element within HTTPS page, avoiding any security alerts in the browser?
Upvotes: 1
Views: 1262
Answers (3)
Reputation: 1428
You don't need to define http:// when calling your static assets. You can use the protocol-relative url, basically you can do this :
<img src="//subdomain.abc.com/images/a.jpg" alt="">
It will get the image through the same protocol as the page you're on. Paul Irish will explain that better than me on his blog
Upvotes: 2
Reputation: 201568
I don’t think you can bypass security alerts (on browsers that give them) if your https page includes http content. But check whether the references work with https as well (depends on the server of course). If they do, you can use URLs like //subdomain.example.com/images/a.jpg which means that the protocol (http or https) of the page itself will be used.
Upvotes: 1
Reputation: 943510
No. The security warnings are there for a reason and cannot be bypassed.
What if someone altered the JS en-route with a man-in-the-middle attack? They could add their own code and have full access to the DOM, making the SSL worthless.
To be secure, you need to load the entire page over HTTPS, not just the HTML document. If you are secure, then the warnings about being insecure will go away.
Upvotes: 3
Related Questions
- Dealing with HTTP content in HTTPS pages
- Loading http content on https website
- Why html components in http are not working in https
- HTTP on a HTTPS Website
- http content on a https page - Mixed content
- Loading HTTPS content on HTTP pages
- Can I place https link on http site?
- mixing http and https
- Retrieving Page from HTTPS Website
- Insert http page into https site