0

I have a srcURL variable which gets a path of the form /myFolder/myFile.jpg

Now this gets assigned to the img element..which obviously would call it with the complete path https://mySite.com/myFolder/myFile.jpg

Now I somehow want the https to be replaced/enforced with http using Javascript..

I am not sure if I can do this with the "replace()" method since I only get the path "/myFolder/myFile.jpg" in the srcURL variable and not with https..

How can I do that?

Improve this question
3
  • Well..I am not 1005 sure on that...But there is a function function AudioData(section, url) { this.section = section; this.url = url; } Commented Jun 10, 2011 at 13:12
  • 1
    Doesn't mixing https and http elements cause ''insecure elements'' error in IE? Commented Jun 10, 2011 at 13:19
  • @Grzegorz: It's not an error, it's a warning and I think the user can turn that off in advanced settings, but it is on by default. Commented Jun 10, 2011 at 13:21

2 Answers 2

Reset to default
3

You are using a relative path. You need to use an explicit path when setting the src of the URL.

srcURL = '/myFolder/myFile.jpg';
srcURL = 'http://' + window.location.host + srcURL;

// srcURL == 'http://<yourdomainname>/myFolder/myFile.jpg'

Note: you'll probably get a warning message saying some parts of your page may be unsecure.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Hi there..you seem to have hit the nail on the head..works perfect..my only question is if this is indeed a good practice..in my case, i m unqble to access the resource via https..so in case this is not a good practice or there is some risk, i can think along diff line..
I believe this depends on what the content of the image is. All HTTPS does is add a SSL layer of encryption over HTTP, which is isn't all that secure. Basically, it's like taking your loan application that's sitting on your desk, which has your Social Security # and private information exposed, and putting it in an envelope so that those people that might see it as they pass by, won't. This does not stop those people that want to see it, as all they have to do is open the envelope. Images, though, are compressed, so they kind of are encrypted and don't need the extra basic SSL layer.
To answer your question, it's an okay practice and happens all the time. Most of the time you see those messages that state "information on this page may be unsecure" is due to the images.
1

If you want to enforce plain HTTP, you should write a rewrite rule on the server to forward any HTTPS request for an image to the HTTP equivalent. On the client side, simply doing this would be sufficient (but you really need the back end piece too):

url.replace("https", "http");
Improve this answer

2 Comments

He can't do it on the client side: “I am not sure if I can do this with the "replace()" method since I only get the path "/myFolder/myFile.jpg" in the srcURL variable and not with https”
Hi Mike...I actually want this to happen only in 1 place (i.e. the specific image) on only 1 page..So will the server setting not make a global impact..something which I do not want..

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.