来自Codeigniter网站上的Javascript文件中通过HTTP提供的内容不安全的内容警告

Question

Google Chrome is returning an insecure content warning for content served on some of my pages. The content is called by a Javascript file in the assets/js directory in Codeigniter. The Javascript file is loaded in the footer by reference to the js_asset_url, set out in the asset_helper file.

<script src="<?php echo js_asset_url('script.js'); ?>"></script>

I only use SSL on specific controllers, hence the assets folder content is currently loaded insecurely and worries users due to the warning displayed. Does anyone have a solution for Codeigniter to force assets such as .js files to load via SSL?

EDIT: I finally fixed using an external reference source (hope it's ok to post the link!) http://www.davidnard.com/2011/04/easy-ssl-redirection-in-codeigniter/ The content being called by the .js file was for 2 functions within a controller. Setting the relevant controller in the $partial array (see above link) did the trick.

Answer 1

If I am using an absolute URL to point to a script file, I usually reference it via https instead of http. Such as with jQuery, I reference via

If I'm using standard HTTP protocols, my browser doesn't care I'm trying to access secured content, and it is properly handled for using HTTPS.

To handle this with your code, you could always do a string replace.

For instance, in your case, you could do something like:

<!-- str_replace([needle], [replacement_text], [haystack]); -->
<script src="<?php echo str_replace('http:', 'https:', js_asset_url('script.js')); ?>"></script>