I’m currently facing the problem that I want to serve static content via a subdomain static.mydomain.tld, but my SSL certificate is only valid for my main domain mydomain.tld.
Should I include my JavaScript, CSS and images over a secure connection when https is used, or can I still use http://static.mydomain.tld?
I would change my JavaScript so that AJAX requests will use https over the main domain.
Or shouldn’t I use the subdomain and include the files from the main domain?
(I was thinking about using a subdomain because I read that static content should be served from a domain that doesn’t set cookies.)
Thank you!
Yes. Otherwise it is subject to interception and modification. Replaced images can present users with false data. Replaced JS and CSS (since CSS can embed JS) can execute scripts and leak data from the secure environment.
That is an option.
You can also get another SSL cert for the other host name.
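An added example, not part of the original question or answer: a small audit that lists the subresources an HTTPS page would still fetch over plain HTTP, labelled with the risk the answer describes. The page URL and HTML are constructed samples using the question's hostnames, and the tag list is an assumption that is not exhaustive.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> (URL attribute, risk if replaced in transit). Risk labels follow the
# answer above: scripts and CSS can run code, images can show false data.
RESOURCE_TAGS = {
    "script": ("src", "code execution"),
    "link": ("href", "code execution"),  # only rel=stylesheet is checked
    "img": ("src", "false data"),
}

class MixedContentAuditor(HTMLParser):
    """Collects subresources an HTTPS page would fetch over plain HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (tag, resolved URL, risk)

    def handle_starttag(self, tag, attrs):
        if tag not in RESOURCE_TAGS:
            return
        attr_name, risk = RESOURCE_TAGS[tag]
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        raw = (attrs.get(attr_name) or "").strip()
        # urljoin resolves relative and protocol-relative (//host/path) URLs
        # against the page, so those inherit its https scheme.
        resolved = urljoin(self.page_url, raw)
        if raw and urlsplit(resolved).scheme == "http":
            self.findings.append((tag, resolved, risk))

def audit(page_url, html):
    """Return (tag, url, risk) for each insecure subresource of an HTTPS page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on HTTPS pages
    auditor = MixedContentAuditor(page_url)
    auditor.feed(html)
    return auditor.findings

# Constructed sample page using the hostnames from the question.
SAMPLE = """
<link rel="stylesheet" href="http://static.mydomain.tld/site.css">
<script src="//static.mydomain.tld/app.js"></script>
<script src="http://static.mydomain.tld/lib.js"></script>
<img src="http://static.mydomain.tld/logo.png">
"""
for finding in audit("https://mydomain.tld/", SAMPLE):
    print(*finding)
```

The protocol-relative `//static.mydomain.tld/app.js` is not reported because it inherits the page's scheme, but it only loads if the certificate presented by that host covers its name.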