Protocol and relative path

Hello, all,

I’ve never actually looked into the mechanics of URL/URI, and am curious about one thing.

If I have a page located at, and foo.html contains a script include as follows:

<script type="text/javascript" src="/js/dothis.js"></script>

Does the src for the .js file also use “”? Or is the relative path http only?



Yup, the file will be requested using the same protocol as the page itself.
You can also have requests for files on other domains use the current protocol by starting the url with // - you might have seen this with links to scripts on CDNs:
<script src="//"></script>

Hi, @fretburner,

Indeed, yes I am familiar with the “protocol agnostic” //

But will the relative “/js/dothis.js” appear the same when hashed for same origin check?

The reason I ask is because I’m having some ColdFusion session variable issues between a parent .cfm page and an iFrame .cfm page, even though the parent and iframe are both loading via httpS:// URI. All of the script and CSS links are relative (ie, “/js/form.js” or “/style/this.css”) and I wonder if that might be enough to introduce “unsecure” elements to the page. IE is giving that famous message.

UPDATE: Normally, this isn’t an issue. But our production servers have J2EE memory variables enabled.



Hi WolfShade,

I’ve never heard of that before, how does that cause a problem with your script then?

Hi, @fretburner,

It’s preventing session variables set in the parent page from existing in the iframe page source.

I checked in the Adobe forum, and it doesn’t make sense to one of the users, there. He has no problem with J2EE and session variables. IDK… I should ask that user if they are using SSL/TLS.



Is the base page (i.e. the one calling the iframe) using https as well? If not, that can affect session variable accessibility - at least in php and c#, so I’m guessing it might be the same in CF.

Yes… both pages are loading via HTTPS.

Here’s something that just now occurred to me.

sitemap.xml: will protocol agnostic links work? Or does each entry need to begin with “http” or “https”?



Does <loc> require a protocol/scheme? Or can a protocol agnostic link (// work, here?



Note that this means that all URLs listed in the Sitemap must use the same protocol (http, in this example) and reside on the same host as the Sitemap. For instance, if the Sitemap is located at, it can’t include URLs from

1 Like

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.