Bug Tracker

Ticket #10142 (closed bug: worksforme)

Opened 3 years ago

Last modified 17 months ago

Serving jQuery and jQuery Mobile from CDN under HTTPS Doesn't Work as the Connection is Untrusted

Reported by: matt@… Owned by: matt@…
Priority: undecided Milestone: None
Component: unfiled Version: 1.6.2
Keywords: Cc:
Blocking: Blocked by:

Description

Trying to serve jQuery and jQuery Mobile using https says that the connection is untrusted, so obviously doesn't serve the files.

To reproduce, try to access:

 https://code.jquery.com/jquery-1.6.2.min.js
 https://code.jquery.com/mobile/1.0b2/jquery.mobile-1.0b2.min.js
 https://code.jquery.com/mobile/1.0b2/jquery.mobile-1.0b2.min.css

In Firefox you'll get the "Connection is Untrusted". In Chrome you'll get something like "You attempted to reach code.jquery.com, but instead you actually reached a server identifying itself as gp1.wac.edgecastcdn.net"

Change History

comment:1 follow-up: ↓ 2 Changed 3 years ago by rwaldron

  • Owner set to matt@…
  • Status changed from new to pending

Where does it say that those resources are available over https?

comment:2 in reply to: ↑ 1 Changed 3 years ago by matt@…

  • Status changed from pending to new

Replying to rwaldron:

Where does it say that those resources are available over https?

It doesn't. But if jQuery are providing a CDN for web developers to use, then it has to work all of the time, no matter what the protocol.

comment:3 follow-up: ↓ 6 Changed 3 years ago by dmethvin

The Google CDN works with https right now. In the meantime we'll start a collection to get https working. You can donate here:  http://jquery.org/donate/

comment:4 Changed 3 years ago by rwaldron

  • Status changed from new to closed
  • Resolution set to worksforme

comment:5 Changed 3 years ago by rwaldron

#10205 is a duplicate of this ticket.

comment:6 in reply to: ↑ 3 Changed 3 years ago by wislam

Replying to dmethvin:

The Google CDN works with https right now. In the meantime we'll start a collection to get https working. You can donate here:  http://jquery.org/donate/

As a company, we're unable to use the Google CDN due to privacy concerns and protection of our customers, specifically Google's wide-ranging data collection. Also, Microsoft's CDN doesn't host older jQuery scripts (1.2.6), which I've contacted them about.

Also, your CDN (code.jquery.com - edgecast) is the fastest out of the 3, followed by Microsoft. see:  http://royal.pingdom.com/2010/05/11/cdn-performance-downloading-jquery-from-google-microsoft-and-edgecast-cdns/

Furthermore, as Matt suggested in comment #2, if you provide a cdn, you can't simply provide half the functionality, i.e what about payment sites, login portals, etc?

Sorry, but making a comment like "Where does it say that those resources are available over https?" is cheer lack of care for your users. Again, sorry, but making a comment like donate so we can fix this is further indicative of lack of care and trying to brush the issue aside.

At this point I'm left wondering why you even chose to provide users with a CDN and your comments cast doubt over its stability and availability.

comment:7 Changed 3 years ago by rwaldron

#10334 is a duplicate of this ticket.

comment:8 Changed 3 years ago by etiger13

Updated the Downloads page to specify which CDN providers offer SSL versions.

comment:9 Changed 3 years ago by dmethvin

As a company, we're unable to use the Google CDN due to privacy concerns and protection of our customers ...

What is your company and what privacy or security guarantees do you require? The https protocol only addresses site identity and security over the wire. From your comments, clearly there are concerns beyond that if Google's CDN isn't acceptable. For example, if your site is accepting credit cards and wishes to use our CDN, the jQuery servers are not PCI DSS certified -- I don't think any CDN is PCI DSS certified for that matter.

comment:10 follow-up: ↓ 12 Changed 3 years ago by etiger13

Edgecast CDN supports SSL.

MediaTemple is hosting the jQuery CDN.

MediaTemple seems to use Edgecast to provide their CDN services.

ergo, the jQuery CDN should be able to use SSL. In reality, MT's implementation of Edgecast does not yet support SSL. This is why the jQuery CDN does not offer a HTTPS version of the library.

wat wat

comment:11 Changed 2 years ago by anonymous

@wislam - Your sense of entitlement is staggering.

comment:12 in reply to: ↑ 10 Changed 23 months ago by anonymous

You could use the links provided on :  http://cdnjs.com/

Replying to etiger13:

Edgecast CDN supports SSL.

MediaTemple is hosting the jQuery CDN.

MediaTemple seems to use Edgecast to provide their CDN services.

ergo, the jQuery CDN should be able to use SSL. In reality, MT's implementation of Edgecast does not yet support SSL. This is why the jQuery CDN does not offer a HTTPS version of the library.

wat wat

comment:13 Changed 18 months ago by arts_x@…

This is going to be very annoying for IE users, since they get security warnings and messages when https pages are mixed with http. As far as rwaldron. Wow. If you are a volunteer you should leave if you are getting paid you should get fired. What kind of responses are those you sound like a 17 year old kid.

comment:14 Changed 17 months ago by anonymous

Yes has same exact problem of calling jquery files on SSL, and no luck still. please send me any solution, even downloded the files locally and tried but they did not worked.

please send me solution to ravinderchd@…

Note: See TracTickets for help on using tickets.