Getting javascript libraries from Google / Microsoft CDNs through SSL

Question

I'm getting a couple of libraries from Google / Microsoft CDNs.

ONLY one page on the system uses SSL but since I'm referencing libraries on the master page I'm getting the javascript libraries using the SSL so the single page that actually requires it doesn't throw security errors because accessing unsafe resources.

I've read that the browser cache doesn't work for most of the browsers if the resource is loaded using SSL, my test using fiddler indicates the opposite (Firefox and IE).

What's the truth? I'm using the CDN for improving performance so if getting the library using SSL is against my purpose, I would revert this "improvement".

I could build send the code for referencing the library on the code behind ans use SSL or not according the case, but I would like to avoid this.

Thanks!

Answer 1

It's common practice to not cache secure web pages on disk. This effectively negates advantage of precached scripts. In other hand secure page requisites SHOULD be served using secure connection. You have to choose between convenience and security.

Answer 2

You want to include jquery like this:

<script src="//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.js"></script>

Notice that is doesn't specify http or https; This allows the browser to continue whatever mode it is currently running in.

If I'm understanding your question correctly, of course.