1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Not a Bug jQuery CDN source uses http only

Discussion in 'Resolved Bug Reports' started by Andy.N, Sep 3, 2013.

  1. Andy.N

    Andy.N Well-Known Member

    Was switching jquery sources from ACP and notice that only jQuery CDN does not use https protocol which my site use. This results in a browser warning.
  2. Chris D

    Chris D XenForo Developer Staff Member

    That's correct.

    It says as much right underneath the option:
    Solution: Don't use jQuery CDN :)
  3. Mike

    Mike XenForo Developer Staff Member

    It seems like the jQuery one does support HTTPS now, though I haven't found any documentation to say it's "supported" though, so I'm hesitant to change it (and we do caveat it).
  4. Andy.N

    Andy.N Well-Known Member

    Yes, this link works
  5. Adam Howard

    Adam Howard Well-Known Member

    I guess if you're brave, you can always edit the xenforo file to include it yourself and tell us how it goes

    I believe you can manually change the hard code in

  6. Chris D

    Chris D XenForo Developer Staff Member

    It's hardcoded in /library/XenForo/Dependenices/Public.php

    A template edit alternative.

    <xen:if is="{$xenOptions.jQuerySource} == 'jquery'">
        <xen:set var="$jQuerySource">//code.jquery.com/jquery-1.10.1.min.js</xen:set>
        <script src="{$jQuerySource}"></script>   
        <xen:if is="{$jQuerySource} != {$jQuerySourceLocal}">
            <script>if (!window.jQuery) { document.write('<scr'+'ipt type="text/javascript" src="{$jQuerySourceLocal}"><\/scr'+'ipt>'); }</script>
        </xen:if><xen:if is="{$xenOptions.uncompressedJs} == 1 OR {$xenOptions.uncompressedJs} == 3">
        <script src="{$javaScriptSource}/jquery/jquery.xenforo.rollup.js?_v={$xenOptions.jsVersion}"></script></xen:if>   
        <script src="{xen:helper javaScriptUrl, '{$javaScriptSource}/xenforo/xenforo.js?_v={$xenOptions.jsVersion}'}"></script>
    If the source is set to jQuery it uses the // prefix which should work on either http or https.
    SneakyDave, 0xym0r0n and Andy.N like this.
  7. Andy.N

    Andy.N Well-Known Member

    Thanks Chris.
    I feel the XF default should always use // instead of specifying the protocol.
  8. Chris D

    Chris D XenForo Developer Staff Member

    Once jQuery's documentation is updated to reflect that their CDN is officially supported over HTTPS, I'm sure Mike will change it.

    As it stands, until quite recently there was no HTTPS support at all, and currently there's no official documentation to say they support it at all. So it could be experimental, subject to change or other issues.

    So, until then, either use Google (I'd recommend this anyway) or my template edit above (at your own risk) if you wish to try the jQuery one.

    With or without official support, I don't see any benefit to using the jQuery CDN over Google.
  9. Andy.N

    Andy.N Well-Known Member

    Yes, I don't see any reason for anyone to use jquery CDN when you have Google/Microsoft available. Just something I notice when testing around.
    May as well drop it from the next version.
  10. Chris D

    Chris D XenForo Developer Staff Member

    I'd argue there's not much reason to use Microsoft's either...

    The benchmarks I've seen suggest that the Microsoft one was very slow compared to Google.

    Interestingly, though, for HTTP, it seems that the jQuery CDN was much quicker than even Google in the tests I saw.

    But there's other benefits...

    If someone were to frequent a lot of XenForo sites, if they're all using the same external jQuery source then that will already be fully cached thus improving load times etc. (albeit marginally).

    And I think Google is overall the most popular jQuery source so if you happen to have already been on a site running the same version, then the caching from that site will save it loading on others.

    I would actually vote for removing Microsoft and jQuery sources all in all. Maybe with the ability to specify a custom source more easily.
    soloarquitectura likes this.
  11. digitalpoint

    digitalpoint Well-Known Member

    Another benefit of using Google... When using HTTPS, they use SPDY as the underlying protocol for delivery if your browser supports it.
    soloarquitectura and Chris D like this.

Share This Page