Building an MVC 2.0 web site and using Content Delivery Network (CDN) in my Site.Master. I’m using the following CDN:
- Yahoo’s reset-fonts-grids.css
- jQuery 1.4.2
- jQuery Validation
All of these CDN are delivered using http://
My web site currently supports both SSL and non-SSL pages.
When navigating to SSL enabled pages, I get an error because the CDN are linked to HTTP://
Although I’m aware that you can use an SSL version of CDN but my question is more like:
Since I have non-SSL and SSL pages all sharing the same *Site.Master* what should I do?
Should I simply get the SSL enabled version one for both SSL and non-SSL pages?
Or should I do some kinda of “if…else”?
Any Pros or Cons to any of these approach?
Thanks
if…elselooks the most viable solution, although you may want to always use SSL and forget about everything.Warnings about pages with mixed-security contents are reasonable, because scripts may be exploitable over insecure connections. Think to a banking website with a hacked script that forwards the HTML markup of your account history to a malicious user.
There is no con in using an
if–elsestatement to check which protocol string to prepend to the URL of an external resource, not even performance (checks are done in microseconds…), however, about performance, a drawback in always using SSL, while not needed, is present, because the browser will have to establish a secure connection (SSL/TLS handshake) and perform lots of unnecessary cryptographic operations.I would go for the
if–else, and since you use a master page, you have less places in your code to modify!