Serendipity Forums

I don't know where i could find/fix it, but within backend jquery from google is loading with http:
Could we/you change this to https? yellowled already did it within 2k11 for webfonts too.

Serendipity core does not bundle jquery via google, AFAIK!! Only locally!
https://github.com/s9y/Serendipity/comm ... /jquery.js

So why should we need to do this via https?

And even if, web fonts and js libraries are no secure data (in my eyes), why should any want to tunnel this through https, loosing performances?

Hi!

This could come from an event plugin... but which one

Regards,
Garvin

Hi!

Ah, found them. Bayes, template_editor and the jquery plugin itself. Changed them all to https.

Regards,
Garvin

Even if I still remain to my question, the 2.0 solution using "//" only is better!

garvinhicking wrote:Ah, found them. Bayes, template_editor and the jquery plugin itself. Changed them all to https.

I found the same one, but you have been faster than me

Hm, true. Forgot about that again, this "//" is something new for me. Go ahead if you'd like to change this

Regards,
Garvin

garvinhicking wrote:Forgot about that again, this "//" is something new for me.

It is BTW the way Google recommends to reference assets hosted on their CDN, see https://developers.google.com/speed/lib ... #Libraries

YL

garvinhicking wrote:Go ahead if you'd like to change this

✔ Done

YL

Thank you

Agreed!

Anyway, but what about my question? I still do not really see the benefit of changing to http(s)ecure.
Http and https are equal in trace routing, as long all traceservers also support https, the only difference is that a man-in-the-middle can't read my data as plaintext, which IMO isn't really a matter with (font/js)-CDN-libraries...

A YUI-Dev says this: http://wonko.com/post/javascript-ssl-cdn

The browser shows a warning if you include stuff via http on a https-site, and normally refuses to load the unsafe content.

But the issue on changing this from http to https was not an error, I presume.
So, is that an answer to my originating question? Google serves both.

I know riding this (dead) horse is like playing in the sand, but secured traces mean more costs, more power, and less nature environment at least ... (*)

(*) and make the work more hard for our friends in overseas...!

Ian, that is one of the situatuions where I don't know if you understand what I sayed and the issue at all or if I'm missing the point ;)

The site YL linked would include jQuery in this way: While I know that this didn't work a few browser-versions ago when I tried to use that, that switches between https and http depending on the protocol used on the parent site. It is just no option to include stuff via http on a https-site as long as the browser throws a warning when doing that.

The alternative is not to use http regardless but to host the stuff locally, which we do (from 1.7 on? at least in 2.0).

Well, if you leave me the choice, I'd say definitely the last!
Please read that thread again to see my means.