call jquery through https in backend

Found a bug? Tell us!!
onli
Regular
Posts: 2825
Joined: Tue Sep 09, 2008 10:04 pm
Contact:

Re: call jquery through https in backend

Post by onli »

Timbalu wrote:Please read that thread again to see my means.
Wtf? You didn't once in this thread suggest including jquery locally. And if you include stuff locally, you still need to include it via https on a https-site! The article you linked is about including stuff via https from a foreign CDN. Read your sources, don't just link them.

PS: Your question was why to do that, why to use https for that static content, I gave you the answer already.
Timbalu
Regular
Posts: 4598
Joined: Sun May 02, 2004 3:04 pm

Re: call jquery through https in backend

Post by Timbalu »

Dear Malte,
I don't really see benefits for fighting something which isn't (meant to be) a big thing...

Using href="//cdn.*" is the best way to use with modern browsers, if it is a need! I recommended that to use and it was (patched) committet, trusting YL's Knowledge. And the (cores) local approach is even better, since you don't talk with other servers, if that is not a ressource question. These (now) changed plugins did not have that, because they where old, I presume. Since Garvin changed them to https and YL removing the protocol, without any further discussion, I assume, we do not care about browsers being unable to read this properly, but this is another question... (a new one, that you now brought in - and I can not say, if that breaks the Serendipity compat rule...).

Back to my CDN question. But since Google serves and offers both (http and https) it is just the (my!) question, why then there is a need to use https for libraries, in general, if the first is in action. If I am wrong with that, I will stricly behave quite any further.

The mentioned blog post does not handle my origin question and was just handed by to give some other points to think about, handling cdn request over https. The google page did not talk about it, except recommending to use protocol less references.

And as you see by any follow up answers, it is not even worth taking to much notice about. It was just a thing I for myself wanted to know... why https is a need for google cdn libs here (and I did not mean because of an error, which wasn't the issue with it).

If your misleading answer links to my "So why should we need to do this via https?" question (btw, the real one is underneath), this was a question regarding the originial pasted code, which is a CDN Request. I have to admit, that I did not think about changing that core protocol request too until now, while I could not imagine someone could run a blog on https. But this might also be. So you are right on this not asked question.

Peace!
Regards,
Ian

Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Re: call jquery through https in backend

Post by garvinhicking »

Hi!

onli wrote this earlier - without https, browser will report an error if a lib is called via http. This is the reason. Some people use https for their blog, so all plugins should support https for external protocols.

Using CDN is better for plugins because they can stay easier updated. Now that s9y bundles jquery this will change for future plugins.

REgards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Timbalu
Regular
Posts: 4598
Joined: Sun May 02, 2004 3:04 pm

Re: call jquery through https in backend

Post by Timbalu »

I am fine with both, Garvin.
I just wanted to state, that this was not my intended question (which was mainly about request traces pushing/carrying content that does not need to be secured). There is no doubt on my side, that ordering something via http on a https site, or vice versa (?), errors for sure and we have to avoid that. But this is/was not the case with Google..., isn't it? Core is and will be something else.
Regards,
Ian

Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian
yellowled
Regular
Posts: 7111
Joined: Fri Jan 13, 2006 11:46 am
Location: Eutin, Germany
Contact:

Re: call jquery through https in backend

Post by yellowled »

garvinhicking wrote:Using CDN is better for plugins because they can stay easier updated. Now that s9y bundles jquery this will change for future plugins.
Additionally, chances are much higher that a CDN-hosted version of a JS lib already is in the browser's cache, saving an HTTP request.

That being said, with the bundled jQuery in frontend and backend, this really is a pointless discussion.

YL
onli
Regular
Posts: 2825
Joined: Tue Sep 09, 2008 10:04 pm
Contact:

Re: call jquery through https in backend

Post by onli »

Timbalu wrote:I just wanted to state, that this was not my intended question (which was mainly about request traces pushing/carrying content that does not need to be secured).
If the question is still open, feel free to send me a mail in german and restating it.
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Re: call jquery through https in backend

Post by garvinhicking »

Just for completion's sake:
Timbalu wrote:I just wanted to state, that this was not my intended question (which was mainly about request traces pushing/carrying content that does not need to be secured).
Of course the content does not need to be secured. We are only doing this to prevent a browser warning message (this is what onli answered in a short statement). So this problem is actually bogus, and would need to be discussed by browser vendors (and they can't anticipate the content of http, so they are properly warning the user).

For all people's sake, I consider this discussion now closed. Let's move on to more interesting topics. :)

Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Timbalu
Regular
Posts: 4598
Joined: Sun May 02, 2004 3:04 pm

Re: call jquery through https in backend

Post by Timbalu »

I know you closed that now, since there really are more interesting topics ;-) ...but for that possible error occuring in https blogs, I have a last question: Does our core

Code: Select all

<?php echo $serendipity['serendipityHTTPPath']; ?>templates/jquery.js
automatically switch to a https protocol then? (I have never controlled that for myself...)
Regards,
Ian

Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Re: call jquery through https in backend

Post by garvinhicking »

It's a relative path, so it uses whatever protocoll you open the page with.
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Timbalu
Regular
Posts: 4598
Joined: Sun May 02, 2004 3:04 pm

Re: call jquery through https in backend

Post by Timbalu »

Arrgh! True! [Closed] ...f****** heat! :wink:
Regards,
Ian

Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian
Bla
Regular
Posts: 25
Joined: Sat Feb 03, 2007 7:42 pm
Location: Germany
Contact:

Re: call jquery through https in backend

Post by Bla »

garvinhicking wrote:Ah, found them. Bayes, template_editor and the jquery plugin itself. Changed them all to https.
And even though serendipity_event_spamblock_bayes looks for the presence of /templates/jquery.js the external //ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js is embedded too in my backend. One too much.

Another method works well:
serendipity_event_lightbox/prettyPhoto looks for serendipity_event_jquery which looks for /templates/jquery.js and so everything is ok.
Timbalu
Regular
Posts: 4598
Joined: Sun May 02, 2004 3:04 pm

Re: call jquery through https in backend

Post by Timbalu »

Couldn't that be checked easily by

Code: Select all

if (!$serendipity['capabilities']['jquery']) { 
    include the cdn call...
}
Regards,
Ian

Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian
Bla
Regular
Posts: 25
Joined: Sat Feb 03, 2007 7:42 pm
Location: Germany
Contact:

Re: call jquery through https in backend

Post by Bla »

That is what serendipity_event_spamblock_bayes.php does

Code: Select all

#add javascript for usability
if ($serendipity['capabilities']['jquery']) {
    $jquery_needed = false;
} else {
    $jquery_needed = true;
}
but nevertheless they can both be seen in the generated code of spamblock_bayes in the backend.
Timbalu
Regular
Posts: 4598
Joined: Sun May 02, 2004 3:04 pm

Re: call jquery through https in backend

Post by Timbalu »

Regards,
Ian

Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian
Timbalu
Regular
Posts: 4598
Joined: Sun May 02, 2004 3:04 pm

Re: call jquery through https in backend

Post by Timbalu »

Timbalu wrote:https://github.com/s9y/additional_plugi ... ion.tpl#L1
change that to use === instead.
Well the bad thing about this is, that doing it this way (assigning real booleans) is processed different with Smarty 2 (==) and Smarty 3 (===), since the last can now fully read real boolean vars. To stay compatible this would need to pass = 'true' string values and re-ask them in the template by == 'true'.
Well, this {if $jquery_needed} should do also...
Regards,
Ian

Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian
Post Reply