Opened 10 years ago

Closed 10 years ago

#4515 closed Bug (invalid)

load jquery via https

Reported by: reardon Owned by: jordan
Priority: Normal Milestone:
Component: Web Client Version: 2.33+
Severity: Minor Keywords:
Cc:

Description

ie, in index.html:

<link rel="stylesheet" href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.16/themes/base/jquery-ui.css" type="text/css" media="all" />


Change History (9)

comment:1 Changed 10 years ago by jordan

  • Component changed from Transmission to Web Client
  • Milestone changed from None Set to 2.40
  • Owner set to jordan
  • Severity changed from Normal to Minor
  • Status changed from new to assigned
  • Version changed from 2.33 to 2.33+

Done in r12922... thanks for the suggestion.

comment:2 Changed 10 years ago by jordan

  • Resolution set to fixed
  • Status changed from assigned to closed

comment:3 Changed 10 years ago by livings124

  • Milestone 2.40 deleted

comment:4 Changed 10 years ago by jordan

  • Milestone set to 2.50
  • Resolution fixed deleted
  • Status changed from closed to reopened
  • Summary changed from load jquery via https to don't load jquery via https

As described at http://encosia.com/cripple-the-google-cdns-caching-with-a-single-character/ --

Using the secure reference everywhere seems like a workable solution, but there’s a major problem with over-using SSL for cacheable, static resources (such as jQuery). For the same reasons that browsers require those assets to be encrypted in the first place, browsers do not cache files to disk if they’ve been retrieved via SSL.

Worse, even if the user has a locally cached copy of jQuery sitting on disk that was requested from Google’s CDN via HTTP, their browser will not utilize that local copy when it encounters an HTTPS reference to the same resource on the same server.

The result is that using HTTPS references to Google’s CDN will result in tremendously under-optimized caching when used on regular HTTP pages. Though you must use secure reference on pages that are secure themselves, you should avoid HTTPS references on pages that don’t require them.

comment:5 Changed 10 years ago by jordan

  • Keywords backport-2.4x added
  • Resolution set to fixed
  • Status changed from reopened to closed

Changed back to http in r12965.

comment:6 Changed 10 years ago by reardon

That article is simply wrong. The stylesheet is nicely cached by any recent (five years) web browser. Chrome, Firefox, IE7+ all do the right thing.

"browsers do not cache files to disk if they’ve been retrieved via SSL. "

WRONG.

http and https references are treated as distinct, but so what? That's a good thing.

The author of the article confused protocol-less urls with SSL, and made a mess.

comment:8 Changed 10 years ago by livings124

  • Resolution fixed deleted
  • Status changed from closed to reopened

Reopening to get this sorted out.

comment:9 Changed 10 years ago by jordan

  • Keywords backport-2.4x removed
  • Milestone 2.50 deleted
  • Resolution set to invalid
  • Status changed from reopened to closed
  • Summary changed from don't load jquery via https to load jquery via https

Testing in FF and Chrome, it looks like the files *are* cached even when using https.

Reverted by r12974.

Note: See TracTickets for help on using tickets.