为什么使用协议相关的URL？ [英] Why use protocol-relative URLs at all?

问题描述

$ p
$ b

 < script src =// cdn。这是一个经常讨论的关于StackOverflow的问题。 example.com/somewhere/something.js\"></script> 
  

这样做的好处是，如果您通过HTTPS访问它，则会自动获取HTTPS，而不是可怕的此页面上的不安全元素警告。

但为什么使用协议相关的URL呢？为什么不直接在CDN URL中使用HTTPS？毕竟，如果您决定通过HTTPS加载它的某些部分，HTTP页面没有理由抱怨。

（这对于CDN更具体;几乎所有的CDN都有HTTPS能力，而你自己的服务器可能不一定有HTTPS。） 截至2014年12月，保罗爱尔兰关于协议相关网址的博客称：

2014.12.17：既然每个人都鼓励SSL，并且没有性能问题，现在这种技术是一种反模式。如果您需要的资产在SSL上可用，那么始终使用 https：// 资产。

blockquote>

除非您有特定的性能问题（例如Zakjan答案中提到的移动网络速度缓慢），否则您应该使用 https：// 保护您的用户。

It's been an oft-discussed question on StackOverflow what this means:

 <script src="//cdn.example.com/somewhere/something.js"></script>

This gives the advantage that if you're accessing it over HTTPS, you get HTTPS automatically, instead of that scary "Insecure elements on this page" warning.

But why use protocol-relative URLs at all? Why not simply use HTTPS always in CDN URLs? After all, an HTTP page has no reason to complain if you decide to load some parts of it over HTTPS.

(This is more specifically for CDNs; almost all CDNs have HTTPS capability. Whereas, your own server may not necessarily have HTTPS.)

解决方案

As of December 2014, Paul Irish's blog on protocol-relative URLs says:

2014.12.17: Now that SSL is encouraged for everyone and doesn’t have performance concerns, this technique is now an anti-pattern. If the asset you need is available on SSL, then always use the https:// asset.

Unless you have specific performance concerns (such as the slow mobile network mentioned in Zakjan's answer) you should use https:// to protect your users.

这篇关于为什么使用协议相关的URL？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！