Krinkle
commented
4 years ago Confirmed via https://code.jquery.com/qunit/ vs http://code.jquery.com/qunit/.
Closed paulsmithkc closed 4 years ago
Krinkle
commented
4 years ago Confirmed via https://code.jquery.com/qunit/ vs http://code.jquery.com/qunit/.
Krinkle
commented
4 years ago I'd prefer not to complicate or hardcode in the UI code for code.jquery.com which protocol to use (also because it makes local testing harder). I'm closing this in favour of https://github.com/jquery/codeorigin.jquery.com/issues/63, which effectively solves the same issue.
If you go to https://code.jquery.com and request a script tag, it will load the script over https.
<script src="https://code.jquery.com/jquery-3.4.1.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous">
However, if you just navigate to the website via the address bar or google, you will get the HTTP website instead (http://code.jquery.com). This version of the website produces incorrect code that points to HTTP website. This is completely non-obvious to the developer and leads to jQuery not being loaded properly over HTTPS.
Please fix this so both versions of the website provide script links that point to https://code.jquery.com