http content on a https page - Mixed content

Question

I was wondering how I should do this.

I have some https pages, but need to call in some http content from my CDN provider.
The content I am wanting to load via http is javascript, css and images.

Now when doing this at the moment, some browsers give a mixed content warning, and ask if to show just secure or all content. What I would like to do, is get around this, and give no warning, but keep the https page.

All I can come up with is:
Make a PHP script that uses cURL or file_get_contents, and get the server to load the page in it.

But the problem with this, is it makes the CDN a bit pointess on https pages (I was thinking signup and login at the moment), as it would send the server IP, which is UK and not the visitor which could be from the USA.

Can anyone think of another way to mix the content, but get around the warnings, other then asking each visitor, to change there settings, which I think is a no go.

Thanks.
Garry

Answer 1

If you want to use a CDN, you'll need one that supports HTTPS unfortunately.

Google Libraries provides a number of well-known libraries (e.g. jQuery) over HTTPS.

Answer 2

I know this has already had an answer accepted, but I think the following is a better solution:

Try using protocol-less Urls.

<script src="//ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js" type="text/javascript"></script>

You can do the same with CSS:

<link href="//ajax.googleapis.com/ajax/libs/jqueryui/1.8.20/themes/base/jquery.ui.core.css" type="text/css" rel="stylesheet" />

Note the lack of https or http in the urls. The browser will determine the appropriate protocol. No more mixed content warnings / errors.