jQuery CDN having SSL issues

by _sfvdon 4/19/2018, 7:57:11 PM with 17 comments
  • by Someone1234on 4/19/2018, 8:37:30 PM

    It is too bad that the HTML standard has no built in way to fallback.

    They've added a cryptographic hash/integrity and the async/defer attributes to the script tag, but something as essential as a fallback if a script or stylesheet fails to load (which the browser is best placed to know), has no built in functionality.

    Instead you're left doing JavaScript tricks which for missing CSS gets a little ugly[0]. But CDN with local fallback (or visa versa) has been common now for decades but yet no official support at all. Honestly if the integrity attribute is specified the browser should just be able to fall back to a cached copy it has (e.g. jquery.1.2.3.min.js has a crypto hash of ABC123, and I have that file already).

    [0] https://stackoverflow.com/questions/7383163/how-to-fallback-...

  • by jakobdaboon 4/19/2018, 8:41:02 PM

    I always self-host my JS/CSS libraries: the connection is already open (thanks to keep-alive) so what's the problem of serving a couple of more KiBs of compressed data instead of making an additional DNS request and a new connection to a CDN?

    I understand that the CDN version of the library may have already been cached by the browser while visiting other websites, but does it really save that much time/traffic compared to self-hosting?

  • by keaneon 4/19/2018, 8:49:53 PM

      Original, jQuery CDN:
  https://code.jquery.com/jquery-X.Y.Z.min.js

  Google:
  https://ajax.googleapis.com/ajax/libs/jquery/X.Y.Z/jquery.min.js

  Microsoft:
  https://ajax.microsoft.com/ajax/jquery/jquery-X.Y.Z.min.js

  Microsoft ASP.NET:
  https://ajax.aspnetcdn.com/ajax/jquery/jquery-X.Y.Z.min.js

  jsDelivr:
  https://cdn.jsdelivr.net/npm/jquery@X.Y.Z/dist/jquery.min.js

  cdnjs:
  https://cdnjs.cloudflare.com/ajax/libs/jquery/X.Y.Z/jquery.min.js

  Yandex.ru:
  https://yastatic.net/jquery/X.Y.Z/jquery.min.js

  • by nwah1on 4/19/2018, 8:34:28 PM

    Great opportunity to strip out unnecessary uses of jQuery, and move to vanilla javascript.

    http://youmightnotneedjquery.com/

  • by guessmynameon 4/19/2018, 8:52:16 PM

    Years ago, I used to link the library from Google [1] or CloudFlare [2].

    Nowadays, with all the Node.js stuff that goes around modern front-end, I don't see the point of embedding a JavaScript library from a CDN, unless that library is dependent on a remote service, e.g. Google Analytics, Google Maps, etc… That being said, if you are still maintaining a legacy website that depends on jQuery, you should consider to embed the library like this instead:

    <script>window.jQuery || document.write('<script src="/js/jquery.min.js"><\/script>')</script>

    [1] https://developers.google.com/speed/libraries/

    [2] https://cdnjs.com/libraries/jquery

  • by 908087on 4/19/2018, 9:18:50 PM

    One more reason to use Decentraleyes.

    https://decentraleyes.org

  • by Murrawhipon 4/19/2018, 8:28:08 PM

    It's not an expiry. It's a cert name mismatch. CN is *.ssl.hwcdn.net

  • by jimaekon 4/19/2018, 8:39:13 PM

    https://www.jsdelivr.com is a good alternative. We actually monitor for https failures and automatically remove the problematic CDN.

  • by leepowerson 4/19/2018, 8:39:09 PM

    This is why you self-host all project dependencies.

  • by kreitjeon 4/19/2018, 8:39:17 PM

    Looks like it's working again.

  • by justindocantoon 4/19/2018, 8:02:33 PM

    Starting to see complaints, questions, etc. on twitter about it too.

    https://twitter.com/search?f=tweets&q=jquery

  • by dusan76on 4/19/2018, 9:09:49 PM

    Looks like its working now https://code.jquery.com

  • by rharbon 4/19/2018, 8:10:23 PM

    Potentially related to the Chrome 66 update and Symantec stuff?

  • by 8bitbenon 4/19/2018, 8:05:22 PM

    Yep, this just broke my project :/

  • by campuscodion 4/19/2018, 9:43:24 PM

    Looks like they fixed it

  • by petraeuson 4/20/2018, 7:02:34 PM

    Only hobby websites would host jquery off a cdn