Our site has asp.net mvc 3 platform and has an expensive ssl setup to show the user an EV trust seal but when we use kendo controls we lose it because the page is "partially encrypted" at that point. In IE the whole padlock seal goes away all together.
http://cdn.kendostatic.com/2012.1.322/styles/Default/sprite.png etc...
We use the web.all.js file... I would personally prefer to host the images and not have it call a cdn, but if that isn't an option... could there maybe an option to pass the js file a query string or something so it will call https resources?
I understand the benefits cdn's can bring, epecially for files like jquery where ,millions of sites have it and most browsers/cpu's would have it cached, but in our case we would prefer to house the files ourselves... and not have to break into the web.all.js scripts to do it too if possible.
10 Answers, 1 is accepted

CDN
The minified versions of all JavaScript files (except jQuery) are also available via CDN
http://cdn.kendostatic.com/<version>/js/<filename>.min.js
e.g. http://cdn.kendostatic.com/2011.3.1129/js/kendo.all.min.js
Important: in order to use HTTPS at this point, you need to directly access the CloudFront CDN:https://da7xgjtj801h2.cloudfront.net/<version>/js/<filename>.min.js

Since we host our kendo js it is all https, however I now realized we are using some themebuilder CSS which has static references to some http cdn images. We ended up downloading the images to our server and changed the CSS file to local relative references and we are now running 100% https.
I would say it may worth suggesting the kendo css themebuider have an https option maybe... ??


Will there be a patch/fix for this soon?

If you host the js files yourself (on your local or web server) yes the server will take care of the http/https... it is the CDN (hosted by telerik servers) that was the concern. Our issue ended up actually being a CSS file (from telerik's themebuilder) that had a "hardcoded" reference to non-https images to CDN images (hosted by telerik servers). So if you reference any non-https resources the browsers will no longer verify encryption and in some cases even stop the page from loading and display errors to users... yuk... Downloading the images and changing the CSS allows anyone to do https with custom CSS (optional) and not have to do any hard coding.

My plan was just to use the https versions of everything, even on my http site, but it looks like the editor makes a call back somewhere which causes a permission denied in IE.
So now, I need to actually construct URL's based on the protocol.
The Telerik CDN is hosted on Amazon CloudFront. The latter currently does not support CNAMEs in HTTPS mode. More info can be found in their documentation: http://docs.amazonwebservices.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html
This is the reason why the CDN assets have different URL depending on the protocol.
As a workaround you can avoid using the CNAME version at all. So you can only include
//da7xgjtj801h2.cloudfront.net/2012.2.710/js/kendo.all.min.js
In HTTP this would include
http://da7xgjtj801h2.cloudfront.net/2012.2.710/js/kendo.all.min.js
and in HTTPS it would include
https://da7xgjtj801h2.cloudfront.net/2012.2.710/js/kendo.all.min.js
Atanas Korchev
the Telerik team

//da7xgjtj801h2.cloudfront.net/2012.2.710/js/kendo.all.min.js
as a url for javascript
More information can be found in the following article.
Kind regards,
Alex Gyoshev
the Telerik team

We had the same problem as Zack recently, where the kendo control was accessing the CDN even though all of our resources were being hosted locally.
The issue was that themebuilder contained static HTTP references to the CDN. I ended up chasing ghosts for several hours until I came across this.
Themebuilder either needs to use a protocol agnostic format, or allow the user to select HTTPs manually.
Hopefully this helps others.
Cheers,
Ray