gulpjs / gulpjs.github.io

The gulp website
http://gulpjs.com

Explicitly always load third-party scripts via HTTPS #68

Closed coliff closed 7 years ago

coliff commented 7 years ago

It's safer.

phated commented 7 years ago

This will give mixed content errors.

yocontra commented 7 years ago

Cloudflare does this for us already.

coliff commented 7 years ago

@phated - you can't get mixed content errors loading HTTPS scripts over HTTP. You only get mixed content errors the other way round - loading HTTP scripts over HTTPS.

Allowing the snippet to request over HTTP opens the door for attacks like the GitHub Man-on-the-side attack. It’s always safe to request HTTPS assets even if your site is on HTTP. REF: https://www.paulirish.com/2010/the-protocol-relative-url/
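
The scheme rules discussed in this thread, as an added example that is not part of any comment or of the gulp site's own code: it resolves each `<script src>` against the page URL, reports which loads go out in plaintext or would be blocked as mixed content, and rewrites protocol-relative and `http://` script URLs to explicit `https://`. The sample HTML, `cdn.example.com` and all function names are constructed for illustration.

```javascript
// Constructed sample markup; cdn.example.com is a placeholder host.
const SAMPLE_HTML = `
<script src="//cdn.example.com/analytics.js"></script>
<script src="http://cdn.example.com/widget.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="/js/site.js"></script>
`;

// Collect the src attribute of every <script> tag (regex is enough for an audit pass).
function scriptSources(html) {
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  return Array.from(html.matchAll(re), (m) => m[1]);
}

// Classify one script URL for a page served at pageUrl.
function classify(src, pageUrl) {
  const page = new URL(pageUrl);
  // A protocol-relative URL ("//host/path") inherits the page's scheme here.
  const resolved = new URL(src, page);
  const thirdParty = resolved.host !== page.host;
  let verdict;
  if (resolved.protocol === "https:") {
    verdict = "ok"; // HTTPS script: allowed from both HTTP and HTTPS pages
  } else if (page.protocol === "https:") {
    verdict = "mixed-content-blocked"; // HTTP script on an HTTPS page
  } else {
    verdict = "plaintext-load"; // HTTP script on an HTTP page: modifiable in transit
  }
  return { src, resolved: resolved.href, thirdParty, verdict };
}

function audit(html, pageUrl) {
  return scriptSources(html).map((s) => classify(s, pageUrl));
}

// Pin absolute script URLs to HTTPS: "//host" and "http://host" become "https://host".
// Site-relative paths ("/js/site.js") and existing https:// URLs are left alone.
function forceHttps(html) {
  const re = /(<script\b[^>]*\bsrc\s*=\s*["'])(?:http:)?\/\//gi;
  return html.replace(re, "$1https://");
}

console.log(audit(SAMPLE_HTML, "http://gulpjs.com/"));
console.log(audit(forceHttps(SAMPLE_HTML), "http://gulpjs.com/"));
```
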