But the simple fact of the matter is if the CDN goes down, your site essentially goes down. Everything else might be up and working great, but how well will the UI function if the user can't pull in jQuery? I just don't see any value in taking a dependency on these third parties for hosting JS libs and the like.
<script src="//ajax.aspnetcdn.com/ajax/jQuery/jquery-1.x.x.min.js" type="text/javascript"></script>
<script type="text/javascript">
window.jQuery || document.write(unescape('%3Cscript src="/scripts/jquery-1.x.x.min.js"%3E%3C/script%3E'))
</script>When hosted locally it would result in 1 less DNS lookup, as well it could reuse an open HTTP connection to fetch the resource.
Edit: To clarify - the reason I don't like the above solution is because if the CDN is slow to respond for some reason, you've just wasted a bunch of your user's time before loading your self hosted version.
this.jQuery||document.write('<script src="js/jquery-1.8.3.min.js"></sc'+'ript>')If you have the infrastructure ($$$) to support your own web services on the order of 99.999%+, then by all means host it yourself, otherwise you're most likely never going to have a problem with it (especially if you include a fallback method).
Whatever happened to using progressive enhancement techniques which meant the site would continue to work, albeit with basic functionality, for users even without JavaScript?
I understand for some sites this is not possible, but for a lot of sites it would be perfectly acceptable...
My feeling is that if you're going to make your site's uptime dependent on another, at least make it for something worthwhile that you can't host yourself, either because it's too demanding or too proprietary.
That's a terrible idea, and of course you shouldn't do that.
You provide a fallback for the CDN...
Perhaps its not a core-competency of the company? When you're a small company you only get a few employees to work with maybe none, so you find ways to get the stuff you don't know how to do, done. Whether its contract work for design, or outsourcing operations to the cloud.
http://media.blackhat.com/bh-us-12/Briefings/Alonso/BH_US_12..., or https://www.youtube.com/watch?v=ZCNZJ_7f0Hk (quite entertaining presentation)
the tl:dr is users browse a short time via an anonymous proxy (c'mon, many do), the proxy MITM's these CDN's JS lib requests and serves up poisoned versions that work but also check a mothership server to load in further poisoned + persistently cached JS files for popular websites (banking, facebook, etc). User then ends their proxy session but future visits (even direct, not via proxy) to sites loads in the now cached poisoned JS libs. Phishing, credential theft, clipboard theft, etc is all now possible
The requirement to trust the admin isn't about the admin MITMing you, but rather trusting their competency in preventing other users MITMing you. Of course the admin could be bad as well.
"yepnope.js has the capability to do resource fallbacks and still download dependent scripts in parallel with the first."