How to avoid those browser warnings about mixing secure and insecure content on a web page? Wouldn't it be great to be able to specify a URL for a resource (be it a script, image, iframe etc.) such that if the current page is insecure (using a http:// scheme) the content would be fetched using the same scheme? And when the current page is secure (using a https:// scheme) the resource would also be fetched as if it had a https scheme?
Well you can, just leave out the scheme in the URL. That is, specify it as "//example.com/some/path/" and the browser will apply the same scheme as the parent page. Great! - But, it is not possible to specify a URL such as this in a Django URLField. Thanks to https://code.djangoproject.com/ticket/5331, a blank scheme will be cause the field verification to insert "http" as the scheme, and you lose the flexibility described above. It is currently not possible (in Django 1.5.1) to get a URLField validating with a blank scheme, so the ability to specify a URL for a resource which can be follow the scheme of the parent page is not possible. I content that the 5331 ticket may not have taken into account the flexibility which the empty scheme offers on web pages, and I urge that it be reconsidered. What do folks think? SB -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
