From the Root URLs
Using the "from the root"(FTR) method provides the greatest flexibility with regard to security and ease of use.
"From the root" path example
Notice the "/" at the beginning?
This is a shortcut that instructs the browser to start "from the beginning" or "from the root" of the web site. Where the beginning, or the root is the base domain name.
Benefits of using this style URL
- Same URL for any page on your site.
- Eliminate cross-domain security concerns.
- Easier to type!
- ... but there is one caveat :(
The following two URLs point to the same file
Using a slash at the beginning of the address eliminates the need to include the "http://" + the domain name.
Because browsers assume the URL refers to a page on the same domain.
If you're accustom to using relative URLs, where you can "back up" using ../../../paths, well these can be problematic if you move the page, or move a chunk of code from one page to another. Using the FTR path solves any problems related to relative paths as well!
Cross-domain Security Concerns
If a user arrives at your site using the following address:
... and if you've set up the Wimpy Engine to use the "www" address as follows:
... while most of your page will load fine, Wimpy may not because the home page is being requested from "yoursite.com", but Wimpy is loaded from "www.yoursite.com".
Yes, yoursite.com and www.yoursite.com are handled as though they are two completely unique domains!
Even though you and I may know otherwise, security concerns can be raised by:
- Browsers (Chrome, Firefox, Internet Explorer)
- Operating systems (Windows, OS X, Linux)
- Third party software (Norton, Internet Security)
Script files (such as wimpy.js) must be loaded from the exact identical domain or sub.domain address as the page the script is loaded from.
For example, if a user manually types the address to your site using "www" into their browser, but the wimp.js script file is referenced without the "www", then a security flag can be raised and the wimpy.js script may be prevented from running.
Using an FTR will prevent these security flags from being raised.
"From the Root" (FTR) URL's only work when the request is called from within the same domain.
For example, a page located here:
... can make an FTR call to any file that resides on ABC.com.
However a page located here:
... can not use an FTR call and expect a file to load from ABC.com
Likewise, if you load an HTML page from your local PC, FTR calls will not work. Because internet navigation and local file system navigation are two completely different animals.
So FTR's are a little tricky if you test pages from your file system. I recommend setting up a local development server, which will allow you to develop your site under similar conditions to your live server.