> Protocol Relative URLS are now considered an anti-pattern
Sorry to sidetrack, but what's wrong with protocol-relative URLs? The only info I've found is a quote from Paul Irish relating it vaguely to the China/Github DDOS incident...
I find protocol-relative URLs very helpful for running without HTTPS in my local environment.
The "problem" with protocol-relative URLs, is that it's possible to include HTTP content if the parent was HTTP.
Since HTTPs is preferred for both security and privacy, we should give as little options as possible to use the insecure HTTP protocol and force HTTPs everywhere.
As you mention though, in dev-environments it's a convenient hack to use plain old HTTP. However, in production, preferring HTTPs would be considered the way to go.
Sorry to sidetrack, but what's wrong with protocol-relative URLs? The only info I've found is a quote from Paul Irish relating it vaguely to the China/Github DDOS incident...
I find protocol-relative URLs very helpful for running without HTTPS in my local environment.