Not a bug jQuery CDN source uses http only

A

Andy.N

Well-known member
Was switching jquery sources from ACP and notice that only jQuery CDN does not use https protocol which my site use. This results in a browser warning.
 
That's correct.

It says as much right underneath the option:
Controls the source of the jQuery core JavaScript library. You may host this yourself (Local) or use one of the recommended CDN sources. Google and Microsoft both support HTTPS/SSL, but the jQuery CDN does not.
Click to expand...

Solution: Don't use jQuery CDN :)
 
It seems like the jQuery one does support HTTPS now, though I haven't found any documentation to say it's "supported" though, so I'm hesitant to change it (and we do caveat it).
 
I guess if you're brave, you can always edit the xenforo file to include it yourself and tell us how it goes

I believe you can manually change the hard code in

/library/XenForo/Application.php
 
It's hardcoded in /library/XenForo/Dependenices/Public.php

A template edit alternative.

Rich (BB code): 
<xen:if is="{$xenOptions.jQuerySource} == 'jquery'">
    <xen:set var="$jQuerySource">//code.jquery.com/jquery-1.10.1.min.js</xen:set>
</xen:if>
    <script src="{$jQuerySource}"></script>   
    <xen:if is="{$jQuerySource} != {$jQuerySourceLocal}">
        <script>if (!window.jQuery) { document.write('<scr'+'ipt type="text/javascript" src="{$jQuerySourceLocal}"><\/scr'+'ipt>'); }</script>
    </xen:if><xen:if is="{$xenOptions.uncompressedJs} == 1 OR {$xenOptions.uncompressedJs} == 3">
    <script src="{$javaScriptSource}/jquery/jquery.xenforo.rollup.js?_v={$xenOptions.jsVersion}"></script></xen:if>   
    <script src="{xen:helper javaScriptUrl, '{$javaScriptSource}/xenforo/xenforo.js?_v={$xenOptions.jsVersion}'}"></script>
<!--XenForo_Require:JS-->

If the source is set to jQuery it uses the // prefix which should work on either http or https.
 
Chris Deeming said:
It's hardcoded in /library/XenForo/Dependenices/Public.php

A template edit alternative.

Rich (BB code): 
<xen:if is="{$xenOptions.jQuerySource} == 'jquery'">
    <xen:set var="$jQuerySource">//code.jquery.com/jquery-1.10.1.min.js</xen:set>
</xen:if>
    <script src="{$jQuerySource}"></script>  
    <xen:if is="{$jQuerySource} != {$jQuerySourceLocal}">
        <script>if (!window.jQuery) { document.write('<scr'+'ipt type="text/javascript" src="{$jQuerySourceLocal}"><\/scr'+'ipt>'); }</script>
    </xen:if><xen:if is="{$xenOptions.uncompressedJs} == 1 OR {$xenOptions.uncompressedJs} == 3">
    <script src="{$javaScriptSource}/jquery/jquery.xenforo.rollup.js?_v={$xenOptions.jsVersion}"></script></xen:if>  
    <script src="{xen:helper javaScriptUrl, '{$javaScriptSource}/xenforo/xenforo.js?_v={$xenOptions.jsVersion}'}"></script>
<!--XenForo_Require:JS-->

If the source is set to jQuery it uses the // prefix which should work on either http or https.
Click to expand...
Thanks Chris.
I feel the XF default should always use // instead of specifying the protocol.
 
Once jQuery's documentation is updated to reflect that their CDN is officially supported over HTTPS, I'm sure Mike will change it.

As it stands, until quite recently there was no HTTPS support at all, and currently there's no official documentation to say they support it at all. So it could be experimental, subject to change or other issues.

So, until then, either use Google (I'd recommend this anyway) or my template edit above (at your own risk) if you wish to try the jQuery one.

With or without official support, I don't see any benefit to using the jQuery CDN over Google.
 
Chris Deeming said:
With or without official support, I don't see any benefit to using the jQuery CDN over Google.
Click to expand...
Yes, I don't see any reason for anyone to use jquery CDN when you have Google/Microsoft available. Just something I notice when testing around.
May as well drop it from the next version.
 
I'd argue there's not much reason to use Microsoft's either...

The benchmarks I've seen suggest that the Microsoft one was very slow compared to Google.

Interestingly, though, for HTTP, it seems that the jQuery CDN was much quicker than even Google in the tests I saw.

But there's other benefits...

If someone were to frequent a lot of XenForo sites, if they're all using the same external jQuery source then that will already be fully cached thus improving load times etc. (albeit marginally).

And I think Google is overall the most popular jQuery source so if you happen to have already been on a site running the same version, then the caching from that site will save it loading on others.

I would actually vote for removing Microsoft and jQuery sources all in all. Maybe with the ability to specify a custom source more easily.
 

Similar threads

ShikiSuen
  • Suggestion Suggestion
Not planned More jQuery CDN choices.
Replies
1
Views
2K
Mike
Mike
mcatze
As designed No phrases for jQuery source options
Replies
1
Views
309
Mike
Mike
Black Tiger
  • Question Question
XF 2.2 What does jQuery source CDN do?
Replies
4
Views
1K
briansol
B
Mouth
Not a bug jQuery source still locally hosted when using CDN
Replies
3
Views
949
slinouille
slinouille
Jon12345
  • Question Question
XF 2.1 jQuery CDN setting - help!
Replies
7
Views
1K
Jon12345
Jon12345
Back
Top Bottom