Technology Toolbox

Your technology Sherpa for the Microsoft platform

Jeremy Jameson - Founder and Principal



Use protocol-relative URLs to avoid mixed mode content

A few weeks ago I added some bug fixes for the Subtext blog engine to GitHub. One of the bugs was related to mixed mode content:

jQuery references need to specify "https://" (not "http://") when browsing Subtext pages using HTTPS

My initial fix for this issue was to change references like:

<script type="text/javascript" src=""></script> detect a secure connection (in which case, specify "https://" instead):

<script type="text/javascript" src="<%= Request.IsSecureConnection ? "https" : "http" %>://"></script>

While this worked, Phil pointed out there is a more elegant solution:

Actually, we should simply use a protocol relative URL/network path reference.

For example:


That removes the need do use <%= %> blocks here and is cleaner.

I responded that I didn't even know that was possible (before reading Phil's comment, I would have assumed a URL beginning with "//" would be interpreted as a server-relative URL).

Consequently I updated my fix to incorporate Phil's recommendation:

<script type="text/javascript" src="//"></script>

This just shows that there is always a valuable lesson to be learned each and every day -- especially in the world of software.

So, why do I bother to blog about this topic this morning? Well, I just discovered a similar bug on the Search page of when accessing the site via HTTPS, due to the script reference for Google Site Search:

<script src='' type='text/javascript'></script>

The bug fix for will be included in the next release to PROD.

Here are some good resources for understanding more about protocol-relative URLs (as pointed out in the first resource below, these are technically called network-path references according to RFC 3986, but "protocol-relative URL" seems more intuitive):

Apparently there are some known issues in Internet Explorer 6 with protocol-relative URLs (no surprise there). However, I honestly couldn't care less about IE6 these days. Especially since I occasionally struggle with issues in IE9 that don't occur in Firefox and Chrome -- such as the one pointed out in my previous post.


No comments posted yet.

Add Comment

Optional, but recommended (especially if you have a Gravatar). Note that your email address will not appear with your comment.
If URL is specified, it will be included as a link with your name.

To prevent spam from being submitted, please select the following fruit: Watermelon

Please add 5 and 7 and type the answer here: