If you're seeing this message, it means we're having trouble loading external resources on our website.

If you're behind a web filter, please make sure that the domains *.kastatic.org and *.kasandbox.org are unblocked.

Main content

Where are JS libraries hosted?

When we included the slideshow JS library in our webpage in the previous talk-through, we typed this URL:
That URL is an absolute URL, which means that it includes the protocol and domain. When we include JS libraries in the Khan Academy environment, we must use an absolute URL so that the environment knows the full path to the library.
If you were working on a webpage on your own computer and you had all the files downloaded, then you could use a relative URL instead, like simply "slideshow.js" or "lib/slideshow.js" if it was inside a folder named "lib". When you're working locally, open your browser's network panel to make sure it found all the local resources like your JS files and CSS files. If the browser couldn't find a resource, you'll see a 404 and you can debug the URL and file location.
Now, back to this URL:
The protocol "https" means that it’s a secure URL. We only allow you to bring in secure resources in Khan Academy webpages, and that's a best practice in web development. Not all servers have HTTPS enabled yet, however, so you may sometimes have to start URLs with "http" in your projects.
The server "cdn.jsdelivr.net" is an example of a content delivery network (CDN). CDNs are optimized for serving static files like JS libraries and serving them very quickly. There are a few big CDNs that host multiple JS libraries (like Google's CDN and cdnjs), and there are some libraries that have their own dedicated CDN.
When you bring a JS library into your webpage from a CDN—or any server that's not your own—you should not trust that server. A malicious server could replace the JS library with code that stole your user's data and sent it somewhere, and you certainly don't want that to happen!
On Khan Academy, we use a security mechanism called CSP in our webpage environment to make sure that you can only bring in resources from servers we trust: bootstrapcdn.com, googleapis.com, jsdelivr.net, and cdnjs.com.
On your own websites, you'll need to make the decision whether to serve the JS library from your own server or include it from an external CDN. Most big websites decide to host libraries on their own server, because they can have more control and make optimizations like combine multiple libraries into a single JS file for better loading performance. It's up to you—just keep in mind everything we talked about here!

Want to join the conversation?