Menu
I've heard all the cases in favour of using a CDN like Google APIs to host JavaScript libraries like JQuery and Prototype for my web application. It's faster, saves bandwidth, permits parallel loading of scripts, and so on. But I recently came across the following comment in Douglas Crockford's json2.js script:
USE YOUR OWN COPY. IT IS EXTREMELY UNWISE TO LOAD CODE FROM SERVERS YOU DO NOT CONTROL.
I'm curious what his argument might be behind this assertion, and whether it's specifically targeted at users of public CDNs like Google's, or something else?
496
CDNs are best suited for today's modern websites which involve different types of media files and a combination of static and dynamic content. With a local server hosting your website, the scope is also quite narrow and focused, and you don't have to worry about the nature and configuration of a network of servers.
CDNs are used widely for delivering stylesheets and JavaScript files (static assets) of libraries like Bootstrap, jQuery etc. Using CDN for those library files is preferable for a number of reasons: Serving libraries' static assets over CDN lowers the request burden on an organization's own servers.
Using CDN is preferred as it improves the site performance. Yes, users accessing a site from behind strict firewall rules can face issues to access CDN urls. In that case you can download jQuery. I would advise using bower to install it so you can upgrade / maintain jQuery easily.
Unfortunately, security for a CDN can come with risks. Unlike firewalls, CDNs alone are unable to block bad bots from infecting a website. As such, it's possible to hijack and exploit CDN servers containing cached information in a variety of ways.
Assuming he's talking about professionally hosted CDNs like Google, then the best bet is to do this:
<!-- Grab Google CDN's jQuery, with a protocol relative URL; fall back to local if necessary -->
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.js"></script>
<script>window.jQuery || document.write("<script src='js/libs/jquery-1.5.1.min.js'>\x3C/script>")</script>
(taken from http://html5boilerplate.com/)
That way, you get all the benefits, without the risk of your website breaking if Google's CDN goes down.
But, he said:
USE YOUR OWN COPY. IT IS EXTREMELY UNWISE TO LOAD CODE FROM SERVERS YOU DO NOT CONTROL.
I don't actually think he's talking about CDNs. I think he's just saying "don't hotlink scripts from random websites".
You wouldn't want to do this because the website might change where the script is located, or even change the script. A CDN would never do this.
151
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
