不使用公共 CDN 加载 Javascript 库有什么好处吗?
[英]Is there a benefit to NOT using a public CDN to load Javascript libraries?
问题描述
I've heard all the cases in favour of using a CDN like Google APIs to host JavaScript libraries like JQuery and Prototype for my web application.
我听说过所有支持使用Google API之类的 CDN 来托管 JavaScript 库(例如 JQuery 和我的 web 应用程序的原型)的案例。 It's faster, saves bandwidth, permits parallel loading of scripts, and so on.它更快、节省带宽、允许并行加载脚本等等。 But I recently came across the following comment in Douglas Crockford's json2.js script:但我最近在 Douglas Crockford 的json2.js脚本中看到了以下评论:
USE YOUR OWN COPY.
I'm curious what his argument might be behind this assertion, and whether it's specifically targeted at users of public CDNs like Google's, or something else?我很好奇他的论点可能在这个断言背后,以及它是否专门针对像谷歌这样的公共 CDN 的用户,还是其他什么?
8 个解决方案
解决方案1
10 已采纳 2011-06-03 15:15:13
Assuming he's talking about professionally hosted CDNs like Google, then the best bet is to do this:假设他说的是像 Google 这样的专业托管 CDN,那么最好的选择是这样做:
<!-- Grab Google CDN's jQuery, with a protocol relative URL; fall back to local if necessary -->
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.js"></script>
<script>window.jQuery || document.write("<script src='js/libs/jquery-1.5.1.min.js'>\x3C/script>")</script>
(taken from http://html5boilerplate.com/ ) (取自http://html5boilerplate.com/ )
That way, you get all the benefits, without the risk of your website breaking if Google's CDN goes down.这样,您就可以获得所有好处,而且如果 Google 的 CDN 出现故障,您的网站不会有崩溃的风险。
But, he said:但是,他说:
USE YOUR OWN COPY.
I don't actually think he's talking about CDNs.我实际上并不认为他在谈论 CDN。 I think he's just saying "don't hotlink scripts from random websites".我认为他只是在说“不要从随机网站盗链脚本”。
You wouldn't want to do this because the website might change where the script is located, or even change the script .您不想这样做,因为网站可能会更改脚本所在的位置,甚至更改脚本。 A CDN would never do this. CDN 永远不会这样做。
解决方案2
2 2011-06-03 15:13:47
Basically, it's a matter of trust.基本上,这是一个信任问题。 You need to trust the host to not change anything in the hosted file and you need to trust in the availability of the file.您需要信任主机不会更改托管文件中的任何内容,并且您需要信任文件的可用性。 Can you be absolutely sure that the URL will not change?您能绝对确定 URL 不会改变吗? Are you comfortable with the fact that any downtime of their servers results in downtime of your application?您对他们的服务器的任何停机时间都会导致您的应用程序停机这一事实感到满意吗?
解决方案3
0 2011-06-03 15:11:42
The reason is, if the server you are dependent on goes down, and yours doesn't.原因是,如果您依赖的服务器出现故障,而您的服务器没有。 The experience of your site suffers.您的网站体验会受到影响。 There are ways to have a fallback in place so if jquery or some other script doesn't load, then you can use a copy you host as a backup.有一些方法可以进行回退,因此如果 jquery 或其他一些脚本没有加载,那么您可以使用您托管的副本作为备份。
The other time you shouldn't use it is in a Intranet application scenario, where the bandwidth is not typically an issue.另一次您不应该使用它是在 Intranet 应用程序场景中,带宽通常不是问题。
A way to create a fallback from Jon Galloway: http://weblogs.asp.net/jgalloway/archive/2010/01/21/using-cdn-hosted-jquery-with-a-local-fall-back-copy.aspx一种从 Jon Galloway 创建后备的方法: http://weblogs.asp.net/jgalloway/archive/2010/01/21/using-cdn-hosted-jquery-with-a-local-fall-back-copy。 aspx
<script type="text/javascript" src="http://ajax.microsoft.com/ajax/jquery/jquery-1.3.2.min.js"></script>
<script type="text/javascript">
if (typeof jQuery == 'undefined')
{
document.write(unescape("%3Cscript src='/Scripts/jquery-1.3.2.min.js' type='text/javascript'%3E%3C/script%3E"));
}
</script>
解决方案4
0 2011-06-03 15:11:54
If a public server's js is compromised (availability, security or bug-wise), then the visitors to your site will be affected and likely blame you.如果公共服务器的 js 受到损害(可用性、安全性或错误),那么您网站的访问者将受到影响并可能责怪您。 On the other hand, what are the chances of Google's CDN being compromised over the chances of some smaller company's server?另一方面,谷歌的 CDN 被一些小公司的服务器入侵的可能性有多大? You also lose out on all the caching advantages that a CDN gives you when you host locally.当您在本地托管时,您还会失去 CDN 为您提供的所有缓存优势。
解决方案5
0 2011-06-03 15:11:56
While some of these other answers are certainly valid, we have a slightly different/additional reason.虽然其中一些其他答案肯定是有效的,但我们有一个稍微不同/额外的原因。
We have a process that determines, on first request, evaluates which static content is required for any given page.我们有一个流程,可根据第一次请求确定任何给定页面需要哪些 static 内容。 In the background, this static content (js, css) is merged and minified into a single file (1 for JS, 1 for CSS), and then all future requests are served with a single file, instead of multiple.在后台,此 static 内容(js、css)被合并并缩小为单个文件(JS 为 1 个,CSS 为 1 个),然后所有未来的请求都使用单个文件而不是多个文件提供服务。
While we could, theoretically, exclude files that may be served on a CDN and use the CDN for those, it's actually easier (because we'd actually have to add code to handle exclusions) and in some cases, faster than using a CDN.虽然理论上我们可以排除可能在 CDN 上提供的文件并使用 CDN,但实际上它更容易(因为我们实际上必须添加代码来处理排除),并且在某些情况下,比使用 CDN 更快。
解决方案6
0 2011-06-03 15:12:01
jQuery is open source. jQuery 是开源的。 If you've made a modification to the internals, then obviously you can't host off another person's server.如果您对内部进行了修改,那么显然您无法托管其他人的服务器。 In general, hosting other people's scripts is a security risk;一般来说,托管其他人的脚本是一种安全风险; they could change the script without ever telling you, and now you're linking it onto your pages.他们可以在不告诉您的情况下更改脚本,现在您将其链接到您的页面上。
It's a matter of trust;这是一个信任问题; do you trust that whatever CDN will be secure to not host a malicious script in the location of the script you want?您是否相信任何 CDN 都不会在您想要的脚本位置托管恶意脚本?
解决方案7
0 2011-06-03 15:24:53
In addition to all the other answers:除了所有其他答案:
You want to worry about serving your pages over SSL (ie https) but your JS over straight http from a different source.您想担心通过 SSL(即 https)提供您的页面,但您的 JS 通过来自不同来源的直接 http 提供服务。 Browsers can complain (sometimes in an alarming way) about secured and unsecured items.浏览器可能会抱怨(有时以惊人的方式)关于安全和不安全的项目。
In addition, people browsing with the noscript extension (or similar) need to allow JS to run from multiple different sources.此外,使用 noscript 扩展(或类似扩展)浏览的人需要允许 JS 从多个不同的源运行。 Not that big a deal if you are using a major CDN (as chances are they'll have allowed it at some point in the past) but you then need to worry that they are allowing only SOME of your JS.如果您使用主要的 CDN,这没什么大不了的(因为他们可能在过去的某个时候允许这样做),但是您需要担心他们只允许您的一些 JS。
解决方案8
0 2021-01-28 01:18:15
Modern answer : yes, availability现代答案:是的,可用性
Other people's servers (regardless of a public CDN or some random nondescript site) might go down, breaking your app's availability.其他人的服务器(无论是公共 CDN 或一些随机的非描述性站点)可能会 go 停机,从而破坏您的应用程序的可用性。
The CDN might also be compromised, causing your app to execute harmful code, but this issue can be mitigated with Subresource Integrity (SRI). CDN 也可能受到威胁,导致您的应用程序执行有害代码,但可以通过子资源完整性 (SRI) 缓解此问题。
If you host it on your own server that you control, it would become unavailable at the same time your entire app becomes unavailable, rather than at some arbitrary time under someone else's control.如果您将其托管在您自己控制的服务器上,那么它将在您的整个应用程序变得不可用的同时变得不可用,而不是在其他人控制的某个任意时间。
Using a public CDN has tradeoffs and might be worth it in some cases (for example, to save bandwidth).使用公共 CDN 需要权衡取舍,并且在某些情况下可能是值得的(例如,为了节省带宽)。
<!-- best -->
<script src="your_own_server/framework.js"></script>
<!-- second-best (using public CDN) -->
<script src="https://public-cdn.example/framework.js">
integrity="sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
crossorigin="anonymous"></script>
<!-- do not use -->
<script src="https://random-server-without-cors.example/framework.js"></script>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.