Closed coliff closed 7 years ago
This will give mixed content errors.
Cloudflare does this for us already.
@phated - you can't get mixed content errors loading HTTPS scripts over HTTP. You only get mixed content errors the other way round - loading HTTP scripts over HTTPS.
Allowing the snippet to request over HTTP opens the door for attacks like the Github Man-on-the-side attack. It’s always safe to request HTTPS assets even if your site is on HTTP, REF: https://www.paulirish.com/2010/the-protocol-relative-url/
Its safer.