There are two types of link URLs that are used in web pages.
- Absolute URLs include the full address of the file being referenced, including the http or https protocol.
- Relative URLs include only part of the address. The parts that are not specified are assumed to be the same as the page calling the link.
Relative URLs work best for sites that may be delivered through either SSL (https) or non-SSL (http). The protocol used when the page is called will also be used to evaluate all of the relative links. There are many ways to construct a Relative URL, so use whichever format works best for your site. Here are some examples for the nav.css file used above:
- “core/css/nav.css” = relative to the path where the calling page was found
- “/gti/core/css/nav.css” = relative to the root of the server where the calling page was found
- “//www.ncsu.edu/gti/core/css/nav.css” = use the same protocol as used for the calling page, but go to the specific server and path. The server could be different in this case.
Absolute URLs can also work for SSL sites, but it is important that all links should always use the https protocol. If you have Absolute URL links in your pages, you should change them to https://… links in all cases. The links will continue to work even if the calling page uses http. The reverse case will break:
- http page calling http link = works
- http page calling https link = works
- https page calling http link = browser error
- https page calling https link = works
One problem you may see is that if you link to third-party websites, they must also support SSL (https) URLs for the files that you need to link. Try using the same URL with the protocol changed to https to see if it works. If not, you have a few options:
- contact the site owner to ask if they have an SSL URL you can use,
- copy their files to your website (if permitted) and then refer to your local copies by relative URLs, or
- replace those files with a newer source that does support SSL.
Google is pushing the conversion to use SSL everywhere on the web, so there’s probably an https version of the same URL already out there.
As you work through your site hopefully you will find that correcting links and resources in one places solves the problem throughout most of the site; many, but not all sites work this way. Once we’ve figured out how to fix the front page, we should commit all of these changes and run the page through Why No Padlock for a re-test. If that all checks out correctly, we can probably repeat the same changes on all the sub-pages.
NC State Brand Bar
The brand bar is the cause of some of problems for some sites. There is an older version of the bar that was not supported under SSL. The newer version of the bar does use SSL. You will need to look into upgrading the bar on all pages to the new version, and use https URLs for the new links.
See http://brand.ncsu.edu/downloads/#utility-bar for instructions on how to upgrade to the new Brand Utility Bar.