Closed paulsmithkc closed 4 years ago
Confirmed via https://code.jquery.com/qunit/ vs http://code.jquery.com/qunit/.
I'd prefer not to complicate or hardcode in the UI code for code.jquery.com which protocol to use (also because it makes local testing harder). I'm closing this in favour of https://github.com/jquery/codeorigin.jquery.com/issues/63, which effectively solves the same issue.
If you go to https://code.jquery.com and request a script tag, it will load the script over https.
<script src="https://code.jquery.com/jquery-3.4.1.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous">
However, if you just navigate to the website via the address bar or google, you will get the HTTP website instead (http://code.jquery.com). This version of the website produces incorrect code that points to HTTP website. This is completely non-obvious to the developer and leads to jQuery not being loaded properly over HTTPS.
Please fix this so both versions of the website provide script links that point to https://code.jquery.com