Skip to main content

Bug Tracker

Side navigation

#10142 closed bug (worksforme)

Opened August 26, 2011 01:08AM UTC

Closed August 26, 2011 02:13AM UTC

Last modified July 25, 2013 05:39PM UTC

Serving jQuery and jQuery Mobile from CDN under HTTPS Doesn't Work as the Connection is Untrusted

Reported by: matt@mattstow.com Owned by: matt@mattstow.com
Priority: undecided Milestone: None
Component: unfiled Version: 1.6.2
Keywords: Cc:
Blocked by: Blocking:
Description

Trying to serve jQuery and jQuery Mobile using https says that the connection is untrusted, so obviously doesn't serve the files.

To reproduce, try to access:

https://code.jquery.com/jquery-1.6.2.min.js

https://code.jquery.com/mobile/1.0b2/jquery.mobile-1.0b2.min.js

https://code.jquery.com/mobile/1.0b2/jquery.mobile-1.0b2.min.css

In Firefox you'll get the "Connection is Untrusted". In Chrome you'll get something like "You attempted to reach code.jquery.com, but instead you actually reached a server identifying itself as gp1.wac.edgecastcdn.net"

Attachments (0)
Change History (14)

Changed August 26, 2011 01:17AM UTC by rwaldron comment:1

owner: → matt@mattstow.com
status: newpending

Where does it say that those resources are available over https?

Changed August 26, 2011 01:27AM UTC by matt@mattstow.com comment:2

status: pendingnew

Replying to [comment:1 rwaldron]:

Where does it say that those resources are available over https?

It doesn't. But if jQuery are providing a CDN for web developers to use, then it has to work all of the time, no matter what the protocol.

Changed August 26, 2011 02:08AM UTC by dmethvin comment:3

The Google CDN works with https right now. In the meantime we'll start a collection to get https working. You can donate here: http://jquery.org/donate/

Changed August 26, 2011 02:13AM UTC by rwaldron comment:4

resolution: → worksforme
status: newclosed

Changed September 06, 2011 02:37PM UTC by rwaldron comment:5

#10205 is a duplicate of this ticket.

Changed September 07, 2011 10:20AM UTC by wislam comment:6

Replying to [comment:3 dmethvin]:

The Google CDN works with https right now. In the meantime we'll start a collection to get https working. You can donate here: http://jquery.org/donate/

As a company, we're unable to use the Google CDN due to privacy concerns and protection of our customers, specifically Google's wide-ranging data collection.

Also, Microsoft's CDN doesn't host older jQuery scripts (1.2.6), which I've contacted them about.

Also, your CDN (code.jquery.com - edgecast) is the fastest out of the 3, followed by Microsoft.

see: http://royal.pingdom.com/2010/05/11/cdn-performance-downloading-jquery-from-google-microsoft-and-edgecast-cdns/

Furthermore, as Matt suggested in comment #2, if you provide a cdn, you can't simply provide half the functionality, i.e what about payment sites, login portals, etc?

Sorry, but making a comment like "Where does it say that those resources are available over https?" is cheer lack of care for your users.

Again, sorry, but making a comment like donate so we can fix this is further indicative of lack of care and trying to brush the issue aside.

At this point I'm left wondering why you even chose to provide users with a CDN and your comments cast doubt over its stability and availability.

Changed September 23, 2011 06:49PM UTC by rwaldron comment:7

#10334 is a duplicate of this ticket.

Changed September 23, 2011 06:56PM UTC by etiger13 comment:8

Updated the Downloads page to specify which CDN providers offer SSL versions.

Changed September 25, 2011 01:27AM UTC by dmethvin comment:9

As a company, we're unable to use the Google CDN due to privacy concerns and protection of our customers ...

What is your company and what privacy or security guarantees do you require? The https protocol only addresses site identity and security over the wire. From your comments, clearly there are concerns beyond that if Google's CDN isn't acceptable. For example, if your site is accepting credit cards and wishes to use our CDN, the jQuery servers are not PCI DSS certified -- I don't think any CDN is PCI DSS certified for that matter.

Changed October 03, 2011 06:01PM UTC by etiger13 comment:10

Edgecast CDN supports SSL.

MediaTemple is hosting the jQuery CDN.

MediaTemple seems to use Edgecast to provide their CDN services.

ergo, the jQuery CDN should be able to use SSL.

In reality, MT's implementation of Edgecast does not yet support SSL. This is why the jQuery CDN does not offer a HTTPS version of the library.

wat wat

Changed November 20, 2012 07:47PM UTC by anonymous comment:11

@wislam - Your sense of entitlement is staggering.

Changed January 30, 2013 03:03PM UTC by anonymous comment:12

You could use the links provided on : http://cdnjs.com/

Replying to [comment:10 etiger13]:

Edgecast CDN supports SSL. MediaTemple is hosting the jQuery CDN. MediaTemple seems to use Edgecast to provide their CDN services. ergo, the jQuery CDN should be able to use SSL. In reality, MT's implementation of Edgecast does not yet support SSL. This is why the jQuery CDN does not offer a HTTPS version of the library. wat wat

Changed July 01, 2013 09:34PM UTC by arts_x@yahoo.com comment:13

This is going to be very annoying for IE users, since they get security warnings and messages when https pages are mixed with http. As far as rwaldron. Wow. If you are a volunteer you should leave if you are getting paid you should get fired. What kind of responses are those you sound like a 17 year old kid.

Changed July 25, 2013 05:39PM UTC by anonymous comment:14

Yes has same exact problem of calling jquery files on SSL, and no luck still. please send me any solution, even downloded the files locally and tried but they did not worked.

please send me solution to ravinderchd@gmail.com