from Hacker News

jQuery CDN having SSL issues

by _sfvd on 4/19/18, 7:57 PM with 55 comments

  • by Someone1234 on 4/19/18, 8:37 PM

    It is too bad that the HTML standard has no built-in way to fall back.

    They've added a cryptographic hash/integrity and the async/defer attributes to the script tag, but something as essential as a fallback if a script or stylesheet fails to load (which the browser is best placed to know), has no built-in functionality.

    Instead you're left doing JavaScript tricks which for missing CSS gets a little ugly[0]. But CDN with local fallback (or vice versa) has been common now for decades but yet no official support at all. Honestly if the integrity attribute is specified the browser should just be able to fall back to a cached copy it has (e.g. jquery.1.2.3.min.js has a crypto hash of ABC123, and I have that file already).

    [0] https://stackoverflow.com/questions/7383163/how-to-fallback-...

  • by jakobdabo on 4/19/18, 8:41 PM

    I always self-host my JS/CSS libraries: the connection is already open (thanks to keep-alive) so what's the problem with serving a couple more KiB of compressed data instead of making an additional DNS request and a new connection to a CDN?

    I understand that the CDN version of the library may have already been cached by the browser while visiting other websites, but does it really save that much time/traffic compared to self-hosting?

  • by keane on 4/19/18, 8:49 PM

      Original, jQuery CDN:
      https://code.jquery.com/jquery-X.Y.Z.min.js
    
      Google:
      https://ajax.googleapis.com/ajax/libs/jquery/X.Y.Z/jquery.min.js
    
      Microsoft:
      https://ajax.microsoft.com/ajax/jquery/jquery-X.Y.Z.min.js
    
      Microsoft ASP.NET:
      https://ajax.aspnetcdn.com/ajax/jquery/jquery-X.Y.Z.min.js
    
      jsDelivr:
      https://cdn.jsdelivr.net/npm/jquery@X.Y.Z/dist/jquery.min.js
    
      cdnjs:
      https://cdnjs.cloudflare.com/ajax/libs/jquery/X.Y.Z/jquery.min.js
    
      Yandex.ru:
      https://yastatic.net/jquery/X.Y.Z/jquery.min.js

  • by nwah1 on 4/19/18, 8:34 PM

    Great opportunity to strip out unnecessary uses of jQuery, and move to vanilla JavaScript.

    http://youmightnotneedjquery.com/

  • by guessmyname on 4/19/18, 8:52 PM

    Years ago, I used to link the library from Google [1] or CloudFlare [2].

    Nowadays, with all the Node.js stuff that goes around modern front-end, I don't see the point of embedding a JavaScript library from a CDN, unless that library is dependent on a remote service, e.g. Google Analytics, Google Maps, etc. That being said, if you are still maintaining a legacy website that depends on jQuery, you should consider embedding the library like this instead:

    <script>window.jQuery || document.write('<script src="/js/jquery.min.js"><\/script>')</script>

    [1] https://developers.google.com/speed/libraries/

    [2] https://cdnjs.com/libraries/jquery
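
Added example, not part of the thread or of any commenter's code: the CDN-then-local fallback that Someone1234 and guessmyname describe, written as a loader that also sets the `integrity` attribute on the CDN copy. The function name, the `JQUERY_SOURCES` list, the `/js/jquery.min.js` path and the integrity placeholder are assumptions; `doc` is passed in so the logic can be exercised outside a browser.

```javascript
// Try each source in order; the first one that loads wins.
// `doc` is the page's `document`. Each source is { src, integrity? }.
function loadScriptWithFallback(doc, sources, done) {
  const tried = [];
  function attempt(i) {
    if (i >= sources.length) {
      done(new Error('all sources failed: ' + tried.join(', ')), null);
      return;
    }
    const { src, integrity } = sources[i];
    const el = doc.createElement('script');
    el.src = src;
    if (integrity) {
      // SRI: the browser refuses to run the file if its hash differs.
      el.integrity = integrity;
      // Cross-origin SRI checks need a CORS-enabled fetch.
      el.crossOrigin = 'anonymous';
    }
    el.onload = () => done(null, src);
    el.onerror = () => {
      // Fires on a network or TLS failure and on an integrity mismatch alike.
      tried.push(src);
      el.remove();
      attempt(i + 1);
    };
    doc.head.appendChild(el);
  }
  attempt(0);
}

// Constructed sample configuration. X.Y.Z and the integrity value are
// placeholders: pin a real version and the sha384 digest of that exact file.
const JQUERY_SOURCES = [
  { src: 'https://code.jquery.com/jquery-X.Y.Z.min.js',
    integrity: 'sha384-REPLACE_WITH_REAL_DIGEST' },
  { src: '/js/jquery.min.js' }, // self-hosted copy, same origin
];

// In a page:
// loadScriptWithFallback(document, JQUERY_SOURCES, (err, src) => { /* start app */ });
```

Scripts inserted this way load asynchronously, so code that depends on jQuery has to start from the `done` callback rather than from a later inline `<script>`.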

  • by 908087 on 4/19/18, 9:18 PM

    One more reason to use Decentraleyes.

    https://decentraleyes.org

  • by Murrawhip on 4/19/18, 8:28 PM

    It's not an expiry. It's a cert name mismatch. CN is *.ssl.hwcdn.net

  • by jimaek on 4/19/18, 8:39 PM

    https://www.jsdelivr.com is a good alternative. We actually monitor for HTTPS failures and automatically remove the problematic CDN.

  • by leepowers on 4/19/18, 8:39 PM

    This is why you self-host all project dependencies.

  • by kreitje on 4/19/18, 8:39 PM

    Looks like it's working again.

  • by justindocanto on 4/19/18, 8:02 PM

    Starting to see complaints, questions, etc. on Twitter about it too.

    https://twitter.com/search?f=tweets&q=jquery

  • by dusan76 on 4/19/18, 9:09 PM

    Looks like it's working now https://code.jquery.com

  • by rharb on 4/19/18, 8:10 PM

    Potentially related to the Chrome 66 update and Symantec stuff?

  • by 8bitben on 4/19/18, 8:05 PM

    Yep, this just broke my project :/

  • by campuscodi on 4/19/18, 9:43 PM

    Looks like they fixed it

  • by petraeus on 4/20/18, 7:02 PM

    Only hobby websites would host jQuery off a CDN