Cross domain and google CDN for jquery [closed]

Closed. This question is opinion-based. It is not currently accepting answers.

---

开发者_C百科

Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.

Closed 6 years ago.

Improve this question

Doesn't using Google CDN for jquery break the rule of not using cross domain requests on the webpage. Do we trust Google enough to do this?

---

The use of script tags from a foreign website are allowed within the browser itself. Because it is presumed that you intend to load this functionality. The scripts loaded are not able to communicate directly with the foreign domain though (XHR same-origin, except with CORS). Now, this is precisely why you don't want to allow for un-checked user input that could load a script from a foreign site. It is possible for a foreign script to do things you don't want, but if it is from a trusted source, it should be fine.

If google was caught to be using an injection via their CDN, there would be severe backlash, and I doubt it would ever happen, and if it did, would be corrected far more quickly than you would even notice the issue.

---

No, it doesn't break the rules of cross domain requests. When you include jQuery from Google's CDN, you are simply including a resource into your page (much like linking to an image). This does not fall into the Same Origin Policy security concept to which I assume you refer, which mostly encompasses XHR (ajax) requests.