// default protocol
Use / default protocol, the protocol on behalf of access to resources and keeping the current page, if the current page is http, using the http protocol access, if it is https, then use the https protocol to access.Just use it to upgrade to either http or https do not have to change the code, and now a lot of resources are such references CDN.It is generally used in the inner link, the outer link protocol header having reason uncertainties.
// default protocol is written, for example,
The default protocol used by default the current protocol
When the current page is HTTP, equivalent
When the current page is HTTPS, equivalent
Use // instead of http: // conditions and benefits of?
Current page and target resources to support both HTTP and HTTPS are upgrading from http to https
The advantage is that we can open a page request protocol adaptive way to resources based on user selection,
For content https page, the browser will organize a non-default https content, this can be avoided
When debugging directly open a local file, the protocol used is the file protocol (file: //)
This time the agreement becomes file: // jb51.net / css / obviously does not exist
The current site of the protocol consistent with Rapid Release match your current protocol version, while reducing the SSL protocol version or other deployment costs.Developers do not need to provide any managed server cloud agreement, as long as the // symbols to represent all the most suitable match, and this way of thinking is the same strain nodeJS.
Because many sites will be upgraded to http https, so you can prevent our website was hijacked early in the conversion process to go wrong we do not have to force me to jump, that is, when a user visits http or https access can be normal, then the inside js, pictures, links and so can not use https or http, then what are the solutions it, then the solution is to use the //, not with http: and https that''s it.
// The wording of the agreement is automatically added according to your request protocol.For chestnut: Your website is http protocol, then the fact that you visit http: // xxxx If your website is https protocol, then the requested address becomes https: // xxxx You know, if you wrote http: // xxx. So if your site online is https, it may report a security warning, some browsers can not even load the page correctly.If you just write https, you know, local development, but ah http.
The following are some of the classic reply from know almost
A lot of people have had the benefits of a.Https upgrade can feel the benefits of this course, the most.I''m just a supplementary reason why the former did not write.Of course, there are indeed many do not know the front end of such an approach.However, it also may not even know so write.Because many older version of UC browser does not support such an approach, will // a.b / Direct understood to / a.b /, that is, if you at http: // example.com of pages written // example-cdn.net / static-file address, UC actual visit is http: // example.com / example-cdn.net / static-file .UC market share in the past we all know.and so……
You have not had a look at "the whole station HTTPS upgrading".I do HTTPS site-wide upgrade, really want to write http: // people hacked to death.In particular database links and the JS splicing out url.During use a variety of regular, but also manual verification.But since the write http: // Too many programmers, can only give up.Some people still ask why the comments, the reason is that if you write // whole, I would not transform the database and the data source, and direct upgrade https on the line.You might say this kind of thing rarely happens https transform it, a coincidence that I have encountered in the transformation of Tencent and Ali https ?_? Front-end code reform and Ali when I was responsible for the entire station 1688 (individual departments self-transformation) are (not only HTML, as well as CSS, JS, Velocity templates, etc.!Simply dirty work, why should I take this job TM), do you think I called to write http: // how many people curse?Some also wrote a front-end http directly in the JS, follow what the current page agreement you will not die?
There are front-end with a regular judge when actually only accept http url: // and https: // // does not accept, is not really common sense.Too many programmers, so the mentally retarded.There also may be because they have not heard of it HTTPS.If you do not know, I asked you a few questions: If you use http: //, then you are by default the current page is http protocol, you decide what the front end of a current page protocol?Do not you know http link https pages will complain ah?You should follow the protocol of the current page, so you write // If you use https: //, is the same problem, how will you know after three years of a httpshe: //, when will you do to change all to httpshe: // ?Do not do anything obviously wrong assumptions!You do not know what the current page will be opened with protocols!So you want to use // ah!There are many similar false assumptions, such as many Chinese programmers for phone numbers contain only numbers and parentheses, excluding letters.Is it really?
Some say global replacement is not finished yet?Illustrate it, suppose Taobao so you will want to upgrade https http: // // replace all the first bug: you Replaced with However, at that time http: // tmail.com does not support https then you will replace the domain name within a certain range, http: // (taobao | taobao2 | taobao3).com replaced // $ 1.com The second bug: Some JS is written url = "http: //" + location.hostname + ''/'' + path, as well as write JS is written / ^ http: ///.test (input).You say this would not be able to use regular, and global search http then manually review all JS in it.Do you know how many Taobao JS file it . but these files are cached decade . even if you change, not necessarily update.And once you make mistakes, and affect the user orders, Ma a loss of one hundred million you can afford to lose it?The third bug: Some of the data simply do not in the code, in the database, such as user.Value image that start with http.So you will user.image written user.image.replace ( ''http: //'', ''//'') or you directly change the data in the database (when large amount of data when it is basically impossible) fourth bug: you forgot to change nginx, crossdomain inside the domain fifth bug: you forgot to change the configuration of the system inside base_url sixth bug: https pages you embed an external http iframe . you cry, it is difficult to solve, good luck directly into // (can be https external support), bad luck will change the logic of the page.N-th bug . HTTPS upgrade is dirty work, you simply say you do, where do you begin to know how many of the implicated.The best solution is to make it easy to change the protocol of ways, such as following the current page, or use variables to die anyway, write http: // was not good enough.Some programmers write code, knowing that HTTPS does not have to be compatible, psychological thinking "Anyway, I spent two years left in this company, there are at least three years HTTPS it" and then write the code spam.
More and more developers, when the linked file, using // instead of http: //, that is, as< a href=https://www.jb51.net/web/"http://jb51.net……一般写为 < a href=https://www.jb51.net/web/" //http://jb51.net……,这与传统带http有什么区别?
Your website is http original, and all are beginning src http, dog feces that has been hijacked by a large number of operators, stuffed in your page when a lot of content inappropriate for children / and pure advertising, someone tells you to replace https can improve this problem, so this time you will know before the src and written ajax // instead of http: // what a wise decision that it had...
Joomla CMS official
With a wide range of import and the emergence of more and more open source cloud platforms and SSL protocols (such as waves CMS has been fully enabled SSL protocol support), people had to face the http protocol when making development choices and identify.As we all know, too much ssl references, may cause inefficiencies common site, but we can not go to a pure re-designed for this version of SSL.Performance on the open source libraries, general platforms while providing SSL and non-SSL version version.As these two libraries: https: // code.z01.com / js / jquery-3.2.1.slim.min.jshttp: // code.z01.com / js / jquery-3.2.1.slim.min.js its reference effect is the same.So developers directly instead of the previous agreement with "// URL / file" approach, so that automatic recognition.That is a specific agreement or an ordinary http SSL protocol, to the browser to automatically recognize and automatically match the current site, in order to achieve the best and most efficient security requests loading method.In sum, this is a development methodology and development thinking, cloud computing web and mobile development growing.