Friday, August 21, 2015

Using a CDN for your Script and Style Content on an SSL-secured ASP.NET Web Application

If you haven't already read about the SSL security features in newer browsers such as Google Chrome and Mozilla Firefox, these browsers are essentially blocking any non-secured content from being downloaded and viewed by the client.

In other words, the "Mixed content" prompt you used to receive while browsing sites with Internet Explorer will not work in browsers such as Google Chrome and Mozilla Firefox.  Instead, you will get an error like the following:






Therefore, if you an SSL-secured ASP.NET Web Site, the best thing to do is to make sure that you always use an SSL Url for your CDN.

For example, the Microsoft Ajax CDN (http://www.asp.net/ajax/cdn) does not publish any of the Urls as https:// Urls, but they are available both on the http:// and https:// protocols.

Other CDNs such as Google CDN (https://developers.google.com/speed/libraries/) and Bootstrap CDN (http://www.bootstrapcdn.com/) publish their CDN Urls as https:// by default.

Finally, other CDNs such as the jQuery CDN (https://jquery.com/download/) makes it clear that you can use either the http:// or https:// protocols since you simply prefix the Url as //code.jquery.com and do not explicitly specify a protocol.


4 comments:

  1. Why would we not use JavaScript library on a CDN if the webpage is using SSL (https)?
    load balancing server

    ReplyDelete
  2. I visited your blog for the first time and just been your fan. I Will be back often to check up on new stuff you post!
    Top VPN Provider

    ReplyDelete
  3. Post is very informative,It helped me with great information so I really believe you will do much better in the future.
    change my ip

    ReplyDelete
  4. This is a really good read for me, Must admit that you are one of the best bloggers I ever saw.Thanks for posting this informative article.
    خريد وی پی ان

    ReplyDelete