Forum Discussion
Solved
Bundling and "externals"
My current project uses jQuery and sp-pnp-js, and I have moved these to a document library in a "cdn" site collection in my tenant (it's not a *real* CDN, I just call it that -- it really is just a d...
You don't need to do this. What you're looking at is a project created an older version of the SharePoint Framework, where more packages have been listed as external. In the latest version it's not required anymore which is why you're not seeing them anymore.
"Public" is a poorly choosen word, all that it means is that anyone who has access to the tenant will have access to the resource. If you are not already logged into the tenant then you cannot get to the item in the "public CDN". VesaJuvonen explained this in his demo.
Interesting that you would say that because that's not what I remember from his demo, and a subsequent Webinar on JS security from Rencore a few weeks ago made a point of saying that using a CDN was a trade-off to get better performance at the expense of the asset's security.
Can you point me to the "spot" in the video where Vesa says this? Thanks.
See the FAQ in the announcement at https://dev.office.com/blogs/general-availability-of-office-365-cdn
Thanks, guys. Very helpful information. Should help clarify things for the client! :)
I don't know about the exact bit you're referring to, but what Vesa said, makes sense if you're thinking about using a public CDN. Imagine: you're loading a script from a location that you have no control over. If that script gets hacked, and given that it's running without any restrictions on your intranet pages, it could be used to gain access to your confidential data. This risk is not specific to CDNs: any location that's not properly secured and doesn't have its governance in place poses the same risks.
It's worth keeping in mind that using a CDN doesn't guarantee a better performance. If your organization has one office or is located in one region, you could get better performance from a hosting location optimized for serving static assets than from a CDN. CDN offers you the most benefits, when your users are spread all over the world.