0

I have a website that was written assuming http:// is one and only protocol forever. Now i bought a SSL certificate but when i visit site calling it with https:// i get info in browsers that part of site is insecure. As i found i have some JS, CSS and images and files that i refer to using http:// in the HTML of the site.

So what is best practice to enable full https? Should i change my website in every place when i refer to image, CSS or JS, check if site was loaded with http or https and load the resource with according protocol? It seems like a lot of work for me and bit error prone. Is there any other way, easier to make the whole site fully secure?

Improve this question

4 Answers 4

Reset to default
3

Rather than linking to your css, js, and images with http://yoursite.com/css/file.css just use relative paths such as /images/image.jpg and /css/file.css this way it will work with both http and https, also if you change domains or copy your content to another domain, you shouldn't have to change all those links either.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Use relative paths. If you are pointing to something that is on the same site as yours, then you should not be using http://

If for some reason you still need to have http:// then just switch them all to https://. An http:// will never complain because it is pointing to https:// stuff, but an https:// page will complain if it is pointing to non-https stuff.

If you are pointing to content outside of your control, on another site for example, then you need to hope that you can get at that content via https instead. If you can't, then you're hosed and you either need to live with the error, get the content from somewhere else, or proxy the content through your own https connection.

Improve this answer

Comments

1

To complement @drew010 's answer, you could use other domains and still refer to the current protocol with //, something like:

<img src="/pics/home.png" />
<img src="//my-cdn.com/pics/info.png" />

The latter example will point to https://.. from https://your-site.com and http://... from http://your-site.com.

Improve this answer

Comments

0

the best practice would be either using relative path rather than absolute but sometimes absolute is a better option so you can do the following :

as I can imagine you have a file called config.php or common.php (a file that stores your common used vars and you include it in every page), so put this code there : 

function selfURL() {
$s = empty($_SERVER["HTTPS"]) ? '' 
    : ($_SERVER["HTTPS"] == "on") ? "s" : "";
$protocol = strleft(strtolower($_SERVER["SERVER_PROTOCOL"]), "/").$s;
$port = ($_SERVER["SERVER_PORT"] == "80") ? "" : (":".$_SERVER["SERVER_PORT"]);
return $protocol."://".$_SERVER['SERVER_NAME'].$port.$_SERVER['REQUEST_URI'];
}

function strleft($s1, $s2) {
return substr($s1, 0, strpos($s1, $s2));
}

and then you can assign a var called $http to get the value of the function like : $http = selfURL(); and then whenever you want to include anything like images, css, etc do something like :
<img src="<?=$http?>images/sample.png" />

this method is reliable as it works in any situation.

Improve this answer

7 Comments

"sometimes absolute is a better option" when is that?
you suggested to use : <img src="/pics/home.png" /> in your answer and if he does that, and then later on decides to move the website to a folder the images will all break so using absolute path will make sure that this will never happen.
Why shouldn't the absolute path change if the relative path changes?
because in my way you can easily change it by changing a single variable instead of doing it manually one by one
That's true, but yes, this conversation is sidetracked :) I still don't see a reason for when it's better to use an absolute path than a relative one.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.