Not sure why we would be calling google java scripts but if we are.
Google works directly with the key stakeholders for each library effort and accepts the latest versions as they are released.
To load a hosted library, copy and paste the HTML snippet for that library (shown below) in your web page. For instance, to load jQuery, embed the <script src="https://ajax.googleapis.com/ajax/libs/j ... "></script
> snippet in your web page.
We recommend that you load libraries from the CDN via HTTPS, even if your own website only uses HTTP
. Nowadays, performance is fast, and caching works just the same. The CDN's files are served with CORS and Timing-Allow headers and allowed to be cached for 1 year.
That's...odd. Why would Coldsteel's/TheMix's browser be loading via http while the rest of us, presumably, are loading over https?
edit: and I just looked and my old version of firefox is blocking the unsecure content but wasn't telling me about it. When I asked, it said "yep". So that explains why I'm not getting the alerts. Firefox didn't want to bother me, apparently.
edit2: Surprising absolutely no one, it's the same content TheMix pointed out.
edit3: Mobile version of chrome is reporting no errors and tells me the site is completely encrypted and "safe". The plot thickens.
edit4: Despite edit3, looking at the page source on mobile Chrome reveals that the calls are exactly the same as the desktop calls. i.e. unsecured http. Why Chrome is not reporting this as unencrypted is the question, and a pretty serious one imo. It's possible that Chrome, being a google product, trusts google sites implicitly, but without an identifying cert, how the the browser can be sure it is *really* talking to google is a question. Imo Chrome is not doing that, so wtf is it doing that it doesn't bother to tell me some content on the page is in the clear?