There’s this little trick you can get away with that’ll save you some headaches:
If the browser is viewing that current page in through HTTPS, then it’ll request that asset with the HTTPS protocol, otherwise it’ll typically* request it with HTTP. This prevents that awful “This Page Contains Both Secure and Non-Secure Items” error message in IE, keeping all your asset requests within the same protocol.
*Of course, if you’re viewing the file locally, it’ll try to request the file with the
We use this trick in the HTML5 Boilerplate for a clever request of jQuery off the Google CDN:
This trick also works fine in CSS:
… assuming the site you’re pointing to has this asset available on both HTTP and HTTPS.
Caveat: When used on a <link> or @import for a stylesheet, IE7 and IE8 download the file twice. All other uses, however, are just fine.
Thx to miketaylr, ralphholzmann, annevk for smarts on this, and ajaxian, where I think I learned it like 4 years ago? maybe?
The reason this doesn’t work in IE6 is that the server is using SNI to deduce what certificate to return. XP (and thus IE6) doesn’t support SNI in the HTTPS stack. See for details.