The problem
About 90% of our customer applications use some form of payment system. This inevitably requires https in part or all of your application. We try to limit https traffic to forms requesting personal data.
We also try to use a CDN for jquery, web-fonts etc, as it improves download speed and allows for better script caching on the clients browser.
So by requesting an external script via HTTP on page delivered over HTTPS, the user is often presented with something like the following:
The solution
By removing the protocol (http: or https:) from the referencing url, the browser will automatically using the same protocol as the page being requested. For example:
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jqueryui/1.8.0/jquery-ui.min.js"></script>
Be sure that the CDN will deliver the content over both https and http. At times the CDN will use a different URL (https://ssl.), so you will need to implement some server side logic if that is the case.
Browser Compatability
Having only discovered this little trick recently, I would have assumed it was not adopted by all browers yet. It is, however, part of the web standards and should therefore be a valid url in all modern web browsers ( Stackoverflow Discussion).