Is a URL starting with // valid? - url

We can see many HTML page using src="//example.com/myjavascript.js" to include a .js and let the browser use http:// / https:// depending on the current scheme of the page URL.
Is this a valid URI ?

Yes, it is definitely valid. It is a "scheme relative" or "protocol relative" URI. In the spec since the beginning. Quite helpful to deal with http/https issues.
Read a much better description and caveats:
Is it valid to replace http:// with // in a <script src="http://...">?
A few points to keep in mind:
There are some minor issues on IE 7 & 8 with double downloads
If you are viewing an HTML page from a file the browser will replace the scheme with file://, and not load your JS file from the server like it would with a full URL starting with http:// or https://.
Edit for modern webdev practices:
While the URL is still valid, it is now recommended to use https for third party resources (and, serve those resources from secure pages). The performance or compatibility issues from years ago are largely resolved with updated protocols and browsers.

As a warning... we encountered issues with this methodology NOT being supported in Internet Explorer when used inside the HTML BASE tag (IE8 and 9 confirmed, didn't test any others before patching the issue).
After newly implementing SSL on a website, we had initially updated the BASE tags across the application to simply reference "//www.mydomain.com" : but the page templates broke (in IE only) on all scripts which did NOT live at the root of the site. Makes sense, since the BASE tag was not picking up the stylesheet or other relatively-linked resources which assumed they were being referenced from root, not from a nested location.
Since the BASE URI was our own domain anyway, we fixed the issue by setting the BASE tag's value to "https://www.mydomain.com". No matter if the client is browsing the site in SSL mode or out, at least it will work cross-browser now and can ALWAYS find its content - and by forcing https at all times, we ensure we don't get any content-mismatch warnings in the process by setting the BASE path to an http location while browsing a page using https.

It is valid indeed and I have just learned this in the hard way!! We broke a customization feature so you should always validate an URL like this (in .NET):
Pay attention to:
White spaces (Trim)
"scheme relative" URI (UriKind.RelativeOrAbsolute)
public bool IsValidUrl(string resourceUrl)
{
Uri uri;
if (Uri.TryCreate(resourceUrl.Trim(), UriKind.RelativeOrAbsolute, out uri))
{
return uri.IsWellFormedOriginalString();
}
return false;
}

Related

TYPO3 v10 - absolute links - config.absRefPrefix dead?

How to tell TYPO3 v10 (globally) to generate absolute links in frontend? config.absRefPrefix doesn't seem to work any longer. Also, using absolute urls as base in site configuration doesn't have any effect. Still relative links in frontend.
EDIT:
config.absRefPrefix seems to work for embedded resources (script, img etc.) but not for usually generated hyperlinks (MenuProcessor, RTE links etc.). Do i really need to set option absolute=1 for all my links generated by view helpers and configure RTE processing to generate absolute links? Thought that's why the global option "absRefPrefix" exists...
This problem already exists since TYPO3 v9. There is a ticket in the bug tracker regarding this issue. I assume that in TYPO3 v12 config. absRefPrefix might be removed completely.
In the ticket comments you can find a number of hints, how to implement absolute links in various places:
use (NO/ACT/...).stdWrap.typolink.forceAbsoluteUrl = 1 for HMENU
for links in the CKEditor RTE this config make every link absolute:
lib.parseFunc_RTE.tags.a.typolink {
forceAbsoluteUrl = 1
forceAbsoluteUrl.scheme = https
}
if you want to globally rewrite all links to absolute links, you can implement the middleware mentioned in the ticket.

Styles Missing After Requiring SSL

After requiring SSL in a blank ASP.NET MVC application, some of the content is no longer loading. Specifically, at least one stylesheet isn't taking effect as shown in the screenshot below. Nothing appears in the console. I'm assuming that I need to change an HTTP reference to HTTPS somewhere, but it looks like all the script files are included in the project rather than being referenced online.
Any suggestions on how to fix this?
This is because the CSS file is being referenced over http:// but the webpage is on https://
It’s known as a ‘Mixed Content’ error
If your site works on both http:// and https:// then there are 2 options
Make the http:// version of your site redirect to the https:// version (recommended)
Make the links to your css file ‘scheme relative’ (also known as ‘protocol relative’) by using just // (two forward slashes) instead of http:// or https://
e.g. //css/mycssfile.css instead of http://css/mycssfile.css
The scheme relative urls (starting with //) will use the same protocol as the web page.
So if your page is on https:// then //css/mycssfile.css means use https:// to get the css file. The same goes for http://, // means use http:// to get the css file.

Joomla base URL incorrectly formulated

Somehow my Joomla after an upgrade from 3.4.7 to 3.4.8 is not formulating the base URL properly. The base is supposed to be "www.domain.com/en-us/" for the English version of the site. It renders the following as the base url "www.domain.comhttp://www.domain.com/en-us/www.domain.com/"
further rendering the following url for resources, such as for "green_leaf.png": "www.domain.comhttp://www.domain.com/en-us/www.domain.com/images/green_leaf.png". Consequently, the pages full missing page elements.
SEF is enabled. Multi Language Filter Plugin is enabled. Any ideas what could be the cause of this besides, the configuration and the htaccess files? Those file are pretty standard.
The first things I would confirm are
- in system > global configuration > site -- is URL rewriting set to yes and have you renamed htaccess to .htaccess?
- if yes then ftp to your site, open configuration.php in a text editor, locate the line setting the $live_site variable and change to
public $live_site = 'http://www.domain.com';
Good luck!
I have tried your suggestion, to specify the $live_site variable in the configuration.php file as you indicate, even though I have also been recommended to leave it empty. The results were the same, the issue remains.
Here is the latest on this matter:
I have created a local copy of the site on my machine from a backup that was still Joomla 3.4.7. The same issue appears. I have reverted back to an earlier backup with Joomla 3.4.6 version of the site, and the site's page was restored to normal. This is with the same exact .htaccess and configuration.php across the 3 Joomla versions.
I have also tried with "Options +FollowSymLinks" commented out in the .htaccess file that came with J3.4.8. On both the live hosted site and a locally hosted copy, same exact results, namely:
Using Google Chrome (with Language Filter Enabled and set to Remove URL Language Code)
On the live hosted site:
www.domain . comhttp://www.domain.com/www.domain.com/
On the localhost copy of the site: localhost/domainfolder/localhost/domainfolder/http://localhost/domainfolder/localhost/domainfolder/domainfolder
So this issue might be pertaining to Joomla versions 3.4.7 and 3.4.8. The challenge is that 3.4.6 also has critical security vulnerabilities.
Also tried with Language Filter Disabled - Same result (Base URL formulated as above) with the difference that all the languages are displayed at the same time on the home page with the resources that are not found because of the faulty base url.

Sitecore gives a blank page with just the text "Default page" in my MVC solution

When I browse to my startpage, e.g. /sv I get a blank page that just says "Default Page". However when I try /sv/ it works. Subpages like /sv/example work without slash though. I'm using Sitecore 7.1 with only MVC views.
Remove the default.aspx file from the web root.
That will fix your problem.
When requesting URLs without a slash at the end, the "StripLanguage" processor of the preprocessRequest pipeline rewrites path to the value of the Settings.DefaultPageName setting ("default.aspx" by default). Since such page physically exists on your site, ASP.NET MVC routing system does not handle such request, and the file itself is served. This behavior is controlled over the RouteCollection.RouteExistingFiles property (false by default), please refer to the following article for the details:
http://msdn.microsoft.com/en-us/library/system.web.routing.routecollection.routeexistingfiles.aspx.
In other case, when a slash is added after a language, this won't happen, since the "StripLanguage" processor does not rewrite the path (which is also not an expected behavior). As a result, request URL does not match the "default.aspx" static file in the site and request is getting processed by ASP.NET MVC.
I suggest you to add the following setting to the "Web.config" file (instead of creating a "default.aspx" page), which points to the "default" page without extension:
<settings>
<setting name="DefaultAspxPageName" value="default"/>
</settings>
After that, the /default URL, without ".aspx" extension, will be processed by MVC and the appropriate item will be rendered independently of a slash after the language URL section.
On my side it works.
I want to point out that the answer to this is not my own but given from the support over at Sitecore who I want to extend a big "Thank you!" to. I had googled this forever until they helped me and I thought that I want to have this document and easily found when others struggle with it. A bug is filed and they are working on fixing it.
DefaultAspxPageName is Hidden Setting.. We can find more such hidden settings..#
http://www.newguid.net/sitecore/2014/sitecore-hidden-string-configuration-settings/

Sitecore 6.5 rev. 120247 media urls adding a leading slash

To be able to use Edgecast CDN, we had to write a custom media provider which worked well with before the site was upgraded from 6.5 rev 111230 to 120427. After the upgrade, none of the images showed up on the website. I debugged the code and found a probable cause. In the upgrade following fix was included -
By default, media URLs will now be generated relative to the site root (such as /~/media/images/picture.ashx or /virtualFolder/~/media/picture.ashx) instead of relative to the current page. Such URLs are considered SEO friendly, and also improve caching. (346213, 332285)
This is now adding a leading slash "/" at the beginning of the media urls. So urls are not getting generated as "//mediaserver/abc.jpg". The 'MediaUrlOptions.VirtualFolder" is being set to "/" by default. I want to confirm that this is the issue and also if I can override this in code but I want to find out if this can be controlled from the config file instead of making this change in the code.If this is not the issue then how can I fix this problem?
In the interest of providing the answer here:
Remove the slash in the Media.MediaLinkPrefix setting due to Sitecore automatically adding it now:
<setting name="Media.MediaLinkPrefix" value="/mediaserver" />
As well as in the following one:
<handler trigger="/mediaserver/" handler="sitecore_media.ashx" />
Also, Media API improvements have been made since version 6.5.0 rev. 120427. Now it is possible to elegantly override the MediaProvider class using a web.config setting per reference number 312358 in release notes on the SDN:
http://sdn.sitecore.net/Products/Sitecore%20V5/Sitecore%20CMS%206/ReleaseNotes/ChangeLog.aspx

Resources