Test post preparing for HTTPS
▼ For some time now there's been a push to move the entire web from HTTP (no encryption) to HTTPS (with encryption).
I never felt it was necessary to encrypt static content. But the time has come to cave to peer pressure, and enjoy a few benefits such as the ability to post images to web forums.
However, I still feel very strongly about everything remaining accessible over HTTP. If you go HTTPS-only, you are now relying on a certificate authority (as well as your own ability to keep certificates up to date!), and you're cutting off some older systems and losing some performance. Also, having to change everything wholesale will be somewhat of a nightmare.
The trouble is: how do use HTTP images and links on an HTTP page and HTTPS images and links on the HTTPS version of the same page? With dynamically generated pages that's not too difficult: just let the script insert HTTP or HTTPS as required. Or, even easier: use relative links, that don't include the domain name.
Unfortunately, I have my content spread around a number of subdomains, and most of it is in static pages.
Turns out that you don't have to choose between:
http://www.iljitsch.com/2021/11-20-test-post.html (absolute URL)
and
/2021/11-20-test-post.html (relative URL)
but you can also use:
//www.iljitsch.com/2021/11-20-test-post.html
That's a protocol-relative URL. So you do specify the domain name, but not HTTP or HTTPS (or any other protocol). So if you use such a URL as a link on an HTTP page, the link will use HTTP. If you use it on an HTTPS page, the link will use HTTPS. So that's perfect for links within the site and images on static pages that may be served over either HTTP or HTTPS.
Paul Irish has a blog post that initially explained that it's a good idea to use protocol-relative URLs, but the current wisdom (added to that post) is they are better avoided, as there may be some cross site scripting possibilities. But as I don't use any cross site scripting on iljitsch.com that's not an issue here.
So I still need to go over the entire website to make sure protocol-relative URLs are used where I can't use regular relative URLs.
Apart from that, the main complication is my RSS feeds. Unless I'm misremembering, I started using absolute paths for my images because otherwise the images wouldn't show up properly on RSS aggregators. So I probably need to rewrite relative and protocol-relative URLs in my RSS feed script.
This is a test post to see how relative and protocol-relative images and links are handled in RSS. So don't be alarmed if links or images in this post don't work if you're viewing this post through an RSS aggregator.
Let me plug Esperanto and do the opposite for nuclear energy with this relative image (link):
Then again, fossil fuels aren't ideal either, using a protocol-relative image URL (link):
More later.
Permalink - posted 2021-11-20