jQuery Dependency Breaks SSL and Forces Different Version

  • John

    (@kcrnc)


    9 years ago

    This plugin disables the jQuery that ships with wordpress in preference of an different version hosted on ajax.googleapis.com.

    It uses a hardcoded non-https link. See below for the function.

    This means two things:

    A) On any site that uses SSL and this plugin, all jquery functions/scripts will break and/or you will get script warnings that the site is not safe.

    B) You are taking responsibility that using this different version of jQuery will have no impact on wordpress and future versions of wordpress, as well as other plugins that expect the standard shipped version. It is also saying you are okay forcing people to use a third-party cdn, rather than their local site. This is taking on a lot of responsibility, especially since you haven’t updated the plugin in over 5 months.

    public function add_js() {
		wp_deregister_script( 'jquery' );
		wp_enqueue_script('jquery', 'https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js');
        wp_enqueue_script('fancybox', WB_VID_URL.'jquery.fancybox.js');
    }

    I would recommend fixing whatever issue there is with your plugin that requires using a different version of jquery.

    And, please don’t hard-code a non-https version of a third-party script. Really don’t force people to use third-party in the first place, but if you are, use ‘//www.script’ instead of a hard-coded ‘https://’

    https://www.ads-software.com/plugins/workbox-video-from-vimeo-youtube-plugin/

  • The topic ‘jQuery Dependency Breaks SSL and Forces Different Version’ is closed to new replies.