Hardcopy of CDN assests , security , Production












1















I have dotnet core server and I want to get jQuery and bootstrap files.



My question is: on a Production grad software, can I use hard-copy and the server will update the hard-copy of the files on a daily basis from Microsoft CDN or should i follow the warning and let the client get his copy direct form the CDN?



Is there a security issue when using this method?



https://docs.microsoft.com/en-us/aspnet/ajax/cdn/overview



Warning :
Production applications should not take a hard dependency on CDN assets. Applications should test for the CDN asset referenced, and use a fallback asset when the CDN is not available.






jquery security .net-core production microsoft-cdn







share|improve this question

























  • Using a CDN is not a security risk but it does mean your application wont work properly if the CDN provider is down (shouldnt happen but it does). If you want to avoid using a CDN, simply go to the CDN link you have, copy the text, save it to a file, and include that file in your app. This will not "autoupdate" the file as you've asked for, but IMHO autoupdating a dependency like jQuery is a decidedly BAD idea as doing so daily will almost certainly break your application at some point. Other libraries you use depend on that version, changing such things should be done with caution and tested

    – DelightedD0D
    Jan 2 at 0:31













  • FYI, the CDN files you speak of should NEVER change. CDN files are meant to remain constant always. If the library is updated, an NEW CDN file with a new name (probably with an updated version number) will be created but the old file will still be there with the old name and the same content

    – DelightedD0D
    Jan 2 at 0:37











  • Thanks for your time , but what is the meaning of hard dependency on CDN assets? can you explain please

    – dxfoso
    Jan 2 at 9:58








  • 1





    can you make your comment as an answer.

    – dxfoso
    Jan 2 at 10:02
















1















I have dotnet core server and I want to get jQuery and bootstrap files.



My question is: on a Production grad software, can I use hard-copy and the server will update the hard-copy of the files on a daily basis from Microsoft CDN or should i follow the warning and let the client get his copy direct form the CDN?



Is there a security issue when using this method?



https://docs.microsoft.com/en-us/aspnet/ajax/cdn/overview



Warning :
Production applications should not take a hard dependency on CDN assets. Applications should test for the CDN asset referenced, and use a fallback asset when the CDN is not available.






jquery security .net-core production microsoft-cdn







share|improve this question

























  • Using a CDN is not a security risk but it does mean your application wont work properly if the CDN provider is down (shouldnt happen but it does). If you want to avoid using a CDN, simply go to the CDN link you have, copy the text, save it to a file, and include that file in your app. This will not "autoupdate" the file as you've asked for, but IMHO autoupdating a dependency like jQuery is a decidedly BAD idea as doing so daily will almost certainly break your application at some point. Other libraries you use depend on that version, changing such things should be done with caution and tested

    – DelightedD0D
    Jan 2 at 0:31













  • FYI, the CDN files you speak of should NEVER change. CDN files are meant to remain constant always. If the library is updated, an NEW CDN file with a new name (probably with an updated version number) will be created but the old file will still be there with the old name and the same content

    – DelightedD0D
    Jan 2 at 0:37











  • Thanks for your time , but what is the meaning of hard dependency on CDN assets? can you explain please

    – dxfoso
    Jan 2 at 9:58








  • 1





    can you make your comment as an answer.

    – dxfoso
    Jan 2 at 10:02














1












1








1








I have dotnet core server and I want to get jQuery and bootstrap files.



My question is: on a Production grad software, can I use hard-copy and the server will update the hard-copy of the files on a daily basis from Microsoft CDN or should i follow the warning and let the client get his copy direct form the CDN?



Is there a security issue when using this method?



https://docs.microsoft.com/en-us/aspnet/ajax/cdn/overview



Warning :
Production applications should not take a hard dependency on CDN assets. Applications should test for the CDN asset referenced, and use a fallback asset when the CDN is not available.






jquery security .net-core production microsoft-cdn







share|improve this question
















I have dotnet core server and I want to get jQuery and bootstrap files.



My question is: on a Production grad software, can I use hard-copy and the server will update the hard-copy of the files on a daily basis from Microsoft CDN or should i follow the warning and let the client get his copy direct form the CDN?



Is there a security issue when using this method?



https://docs.microsoft.com/en-us/aspnet/ajax/cdn/overview



Warning :
Production applications should not take a hard dependency on CDN assets. Applications should test for the CDN asset referenced, and use a fallback asset when the CDN is not available.






jquery security .net-core production microsoft-cdn




jquery security .net-core production microsoft-cdn






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 8 at 21:42









marc_s

581k13011211268




581k13011211268










asked Jan 1 at 22:03









dxfosodxfoso

814




814













  • Using a CDN is not a security risk but it does mean your application wont work properly if the CDN provider is down (shouldnt happen but it does). If you want to avoid using a CDN, simply go to the CDN link you have, copy the text, save it to a file, and include that file in your app. This will not "autoupdate" the file as you've asked for, but IMHO autoupdating a dependency like jQuery is a decidedly BAD idea as doing so daily will almost certainly break your application at some point. Other libraries you use depend on that version, changing such things should be done with caution and tested

    – DelightedD0D
    Jan 2 at 0:31













  • FYI, the CDN files you speak of should NEVER change. CDN files are meant to remain constant always. If the library is updated, an NEW CDN file with a new name (probably with an updated version number) will be created but the old file will still be there with the old name and the same content

    – DelightedD0D
    Jan 2 at 0:37











  • Thanks for your time , but what is the meaning of hard dependency on CDN assets? can you explain please

    – dxfoso
    Jan 2 at 9:58








  • 1





    can you make your comment as an answer.

    – dxfoso
    Jan 2 at 10:02



















  • Using a CDN is not a security risk but it does mean your application wont work properly if the CDN provider is down (shouldnt happen but it does). If you want to avoid using a CDN, simply go to the CDN link you have, copy the text, save it to a file, and include that file in your app. This will not "autoupdate" the file as you've asked for, but IMHO autoupdating a dependency like jQuery is a decidedly BAD idea as doing so daily will almost certainly break your application at some point. Other libraries you use depend on that version, changing such things should be done with caution and tested

    – DelightedD0D
    Jan 2 at 0:31













  • FYI, the CDN files you speak of should NEVER change. CDN files are meant to remain constant always. If the library is updated, an NEW CDN file with a new name (probably with an updated version number) will be created but the old file will still be there with the old name and the same content

    – DelightedD0D
    Jan 2 at 0:37











  • Thanks for your time , but what is the meaning of hard dependency on CDN assets? can you explain please

    – dxfoso
    Jan 2 at 9:58








  • 1





    can you make your comment as an answer.

    – dxfoso
    Jan 2 at 10:02

















Using a CDN is not a security risk but it does mean your application wont work properly if the CDN provider is down (shouldnt happen but it does). If you want to avoid using a CDN, simply go to the CDN link you have, copy the text, save it to a file, and include that file in your app. This will not "autoupdate" the file as you've asked for, but IMHO autoupdating a dependency like jQuery is a decidedly BAD idea as doing so daily will almost certainly break your application at some point. Other libraries you use depend on that version, changing such things should be done with caution and tested

– DelightedD0D
Jan 2 at 0:31







Using a CDN is not a security risk but it does mean your application wont work properly if the CDN provider is down (shouldnt happen but it does). If you want to avoid using a CDN, simply go to the CDN link you have, copy the text, save it to a file, and include that file in your app. This will not "autoupdate" the file as you've asked for, but IMHO autoupdating a dependency like jQuery is a decidedly BAD idea as doing so daily will almost certainly break your application at some point. Other libraries you use depend on that version, changing such things should be done with caution and tested

– DelightedD0D
Jan 2 at 0:31















FYI, the CDN files you speak of should NEVER change. CDN files are meant to remain constant always. If the library is updated, an NEW CDN file with a new name (probably with an updated version number) will be created but the old file will still be there with the old name and the same content

– DelightedD0D
Jan 2 at 0:37





FYI, the CDN files you speak of should NEVER change. CDN files are meant to remain constant always. If the library is updated, an NEW CDN file with a new name (probably with an updated version number) will be created but the old file will still be there with the old name and the same content

– DelightedD0D
Jan 2 at 0:37













Thanks for your time , but what is the meaning of hard dependency on CDN assets? can you explain please

– dxfoso
Jan 2 at 9:58







Thanks for your time , but what is the meaning of hard dependency on CDN assets? can you explain please

– dxfoso
Jan 2 at 9:58






1




1





can you make your comment as an answer.

– dxfoso
Jan 2 at 10:02





can you make your comment as an answer.

– dxfoso
Jan 2 at 10:02












1 Answer
1






active

oldest

votes


















0














Using a CDN isn't a security risk but it does mean your application wont work properly if the CDN provider is down (shouldn't happen often but can happen).



For why you would or wouldn't want to use a CDN, I'll defer to more informed folks



If you decide you want to avoid using a CDN, simply go to the CDN link you have, copy the text, save it to a file, and include that file in your app. Point all your links to this file instead of the CDN.



This will not "autoupdate" the file as you've asked for, but IMHO auto-updating a dependency like jQuery is a decidedly bad idea as doing so daily will almost certainly break your application at some point. Other libraries you use depend on specific versions of things, changing a dependency like that should be done with caution and tested thoroughly before release, definitely not via an automated process.



FYI, the CDN files you speak of should NEVER change. That is https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js will never change. The file content from CDN files are meant to remain constant always. If the library is updated, an NEW CDN file with a new name (probably with an updated version number) will be created but the old file will still be there with the old name and the same content.



Regarding this bit:




Warning : Production applications should not take a hard dependency on CDN assets. Applications should test for the CDN asset referenced, and use a fallback asset when the CDN is not available.




Basically, this seems to be saying, "Don't design you application where it simply links to the CDN file and if the file is not present, your app fails. Instead, link to the CDN but your code should check that that CDN file was loaded and if not, try to load it from a different location.



Personally, I prefer a local copy of the needed file (preferably minified) in most cases and avoid CDNs, unless I'm building something that has a specific need to keep the total project size as small as possible.






share|improve this answer


























  • @dxfoso Happy to help :)

    – DelightedD0D
    Jan 3 at 13:17











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53999287%2fhardcopy-of-cdn-assests-security-production%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









0














Using a CDN isn't a security risk but it does mean your application wont work properly if the CDN provider is down (shouldn't happen often but can happen).



For why you would or wouldn't want to use a CDN, I'll defer to more informed folks



If you decide you want to avoid using a CDN, simply go to the CDN link you have, copy the text, save it to a file, and include that file in your app. Point all your links to this file instead of the CDN.



This will not "autoupdate" the file as you've asked for, but IMHO auto-updating a dependency like jQuery is a decidedly bad idea as doing so daily will almost certainly break your application at some point. Other libraries you use depend on specific versions of things, changing a dependency like that should be done with caution and tested thoroughly before release, definitely not via an automated process.



FYI, the CDN files you speak of should NEVER change. That is https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js will never change. The file content from CDN files are meant to remain constant always. If the library is updated, an NEW CDN file with a new name (probably with an updated version number) will be created but the old file will still be there with the old name and the same content.



Regarding this bit:




Warning : Production applications should not take a hard dependency on CDN assets. Applications should test for the CDN asset referenced, and use a fallback asset when the CDN is not available.




Basically, this seems to be saying, "Don't design you application where it simply links to the CDN file and if the file is not present, your app fails. Instead, link to the CDN but your code should check that that CDN file was loaded and if not, try to load it from a different location.



Personally, I prefer a local copy of the needed file (preferably minified) in most cases and avoid CDNs, unless I'm building something that has a specific need to keep the total project size as small as possible.






share|improve this answer


























  • @dxfoso Happy to help :)

    – DelightedD0D
    Jan 3 at 13:17
















0














Using a CDN isn't a security risk but it does mean your application wont work properly if the CDN provider is down (shouldn't happen often but can happen).



For why you would or wouldn't want to use a CDN, I'll defer to more informed folks



If you decide you want to avoid using a CDN, simply go to the CDN link you have, copy the text, save it to a file, and include that file in your app. Point all your links to this file instead of the CDN.



This will not "autoupdate" the file as you've asked for, but IMHO auto-updating a dependency like jQuery is a decidedly bad idea as doing so daily will almost certainly break your application at some point. Other libraries you use depend on specific versions of things, changing a dependency like that should be done with caution and tested thoroughly before release, definitely not via an automated process.



FYI, the CDN files you speak of should NEVER change. That is https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js will never change. The file content from CDN files are meant to remain constant always. If the library is updated, an NEW CDN file with a new name (probably with an updated version number) will be created but the old file will still be there with the old name and the same content.



Regarding this bit:




Warning : Production applications should not take a hard dependency on CDN assets. Applications should test for the CDN asset referenced, and use a fallback asset when the CDN is not available.




Basically, this seems to be saying, "Don't design you application where it simply links to the CDN file and if the file is not present, your app fails. Instead, link to the CDN but your code should check that that CDN file was loaded and if not, try to load it from a different location.



Personally, I prefer a local copy of the needed file (preferably minified) in most cases and avoid CDNs, unless I'm building something that has a specific need to keep the total project size as small as possible.






share|improve this answer


























  • @dxfoso Happy to help :)

    – DelightedD0D
    Jan 3 at 13:17














0












0








0







Using a CDN isn't a security risk but it does mean your application wont work properly if the CDN provider is down (shouldn't happen often but can happen).



For why you would or wouldn't want to use a CDN, I'll defer to more informed folks



If you decide you want to avoid using a CDN, simply go to the CDN link you have, copy the text, save it to a file, and include that file in your app. Point all your links to this file instead of the CDN.



This will not "autoupdate" the file as you've asked for, but IMHO auto-updating a dependency like jQuery is a decidedly bad idea as doing so daily will almost certainly break your application at some point. Other libraries you use depend on specific versions of things, changing a dependency like that should be done with caution and tested thoroughly before release, definitely not via an automated process.



FYI, the CDN files you speak of should NEVER change. That is https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js will never change. The file content from CDN files are meant to remain constant always. If the library is updated, an NEW CDN file with a new name (probably with an updated version number) will be created but the old file will still be there with the old name and the same content.



Regarding this bit:




Warning : Production applications should not take a hard dependency on CDN assets. Applications should test for the CDN asset referenced, and use a fallback asset when the CDN is not available.




Basically, this seems to be saying, "Don't design you application where it simply links to the CDN file and if the file is not present, your app fails. Instead, link to the CDN but your code should check that that CDN file was loaded and if not, try to load it from a different location.



Personally, I prefer a local copy of the needed file (preferably minified) in most cases and avoid CDNs, unless I'm building something that has a specific need to keep the total project size as small as possible.






share|improve this answer















Using a CDN isn't a security risk but it does mean your application wont work properly if the CDN provider is down (shouldn't happen often but can happen).



For why you would or wouldn't want to use a CDN, I'll defer to more informed folks



If you decide you want to avoid using a CDN, simply go to the CDN link you have, copy the text, save it to a file, and include that file in your app. Point all your links to this file instead of the CDN.



This will not "autoupdate" the file as you've asked for, but IMHO auto-updating a dependency like jQuery is a decidedly bad idea as doing so daily will almost certainly break your application at some point. Other libraries you use depend on specific versions of things, changing a dependency like that should be done with caution and tested thoroughly before release, definitely not via an automated process.



FYI, the CDN files you speak of should NEVER change. That is https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js will never change. The file content from CDN files are meant to remain constant always. If the library is updated, an NEW CDN file with a new name (probably with an updated version number) will be created but the old file will still be there with the old name and the same content.



Regarding this bit:




Warning : Production applications should not take a hard dependency on CDN assets. Applications should test for the CDN asset referenced, and use a fallback asset when the CDN is not available.




Basically, this seems to be saying, "Don't design you application where it simply links to the CDN file and if the file is not present, your app fails. Instead, link to the CDN but your code should check that that CDN file was loaded and if not, try to load it from a different location.



Personally, I prefer a local copy of the needed file (preferably minified) in most cases and avoid CDNs, unless I'm building something that has a specific need to keep the total project size as small as possible.







share|improve this answer














share|improve this answer



share|improve this answer








edited Jan 3 at 7:04

























answered Jan 3 at 6:55









DelightedD0DDelightedD0D

12.1k155394




12.1k155394













  • @dxfoso Happy to help :)

    – DelightedD0D
    Jan 3 at 13:17



















  • @dxfoso Happy to help :)

    – DelightedD0D
    Jan 3 at 13:17

















@dxfoso Happy to help :)

– DelightedD0D
Jan 3 at 13:17





@dxfoso Happy to help :)

– DelightedD0D
Jan 3 at 13:17




















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53999287%2fhardcopy-of-cdn-assests-security-production%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

MongoDB - Not Authorized To Execute Command

Image
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I have successfully enabled authorization on MongoDB and I have created an account on the admin database and then I created an account for my database called test. The following connection string to connect to my test database works successfully: mongo --host 192.168.17.52 --port 27017 -u user1 -p password --authenticationDatabase test Only problem I have now is, I cannot execute commands such as: show dbs. I get the following error when I try to do so: "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, lsid: { id: UUID("a1d5bc0d-bc58-485e-b232-270758a89455") }, $db: "admin...
Read more

How to fix TextFormField cause rebuild widget in Flutter

Image
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I've got the same issue at #9280. I tried all solutions from that topic with/without GlobalKey for Scaffold and Form but the problem wasn't fixed. I tried to build a authentication form with login and signup. But the keyboard doesn't show when I tap the TextFormField at the first time. Then I try to input some letter from physical keyboard, the widget is rebuilt. Like this: login screen Nothing to be log when I run flutter run --verbose, so I logged manually. Every tapping on field, the widget called dispose -> init -> build. [√] Flutter (Channel beta, v1.0.0, on Microsoft Windows [Version 10.0.17763.195], ...
Read more

in spring boot 2.1 many test slices are not allowed anymore due to multiple @BootstrapWith

Image
1 I tried to upgrade a yummy sandwich made of two test slices (@JsonTest and @JdbcTest in my case, crunchy test code in between) adding spring boot 2.1 flavour to it. But it seems it was not much of a success. I cannot annotate my tests with many @...Test since they are now each bringing their own XxxTestContextBootstrapper. It used to work when they all used same SpringBootTestContextBootstrapper. @RunWith(SpringRunner.class) @JdbcTest @JsonTest public class Test { @Test public void test() { System.out.printn("Hello, World !"); } } The error I get from BootstrapUtils is illegalStateException : Configuration error: found multiple declarations of @BootstrapWith for test class I understand I might be doing something wrong here but is there an easy way I could load both Json and Jdbc contex...
Read more