CODEWITHSUNDEEP
javascripthtmlsslcdn
Simon Kuang
Simon Kuang

Reputation: 3940

Why not CDN everything?

It looks like AJAX is indeed unable (at least for all practical purposes) to write foreign HTML to the current page. But what if your CDN website had, say, a JS that would simply document.write() everything? Then your HTML document would have nothing but a remote script.

<html>
<script src="https://pastebin.com/raw.php?i=0wm5v7i6">
</script>
</html>

I tried this. Funny thing is, sometimes it works and other times it does a kind of security error:

ss1

Why doesn't this work? What if, on your own website, you simply put everything on an easy host like Google Drive?

Upvotes: 1

Views: 233

Answers (2)

JLRishe
JLRishe

Reputation: 101700

From the looks of it, PasteBin doesn't supply content over SSL (https). You've put https in the URL to your script, but PasteBin just redirects this request to http, and the net effect is that you are trying to access a script over http when the page is accessed over https, and Chrome prevents that.

Just try going to https://pastebin.com/raw.php?i=0wm5v7i6: your browser will be redirected to http://pastebin.com/raw.php?i=0wm5v7i6.

Upvotes: 0

Steffen Ullrich
Steffen Ullrich

Reputation: 123380

What if, on your own website, you simply put everything on an easy host like Google Drive?

That is possible, unless

  • You want control over your website and don't want to depend on the security and availibility of another site, or that somebody reports your pastebin as abuse and it gets deleted.
  • You want to make proper use of security features like content security policy and don't want to allow everything from pastebin.com.
  • You want search engines to find you. Although at least google does limited interpretation of JavaScript I doubt that they will handle this content the way you like.

Upvotes: 2

Related Questions