[taspeotis]

Well let's assume that each URL or domain that is blocked is reviewed by a human who's paid to look at content, not necessarily to have technical knowledge.

They'd be much more likely to know that blocking anything from Google is probably a bad idea/false positive but they've probably never heard of jQuery and when they look at the jquery*.js files all they see is The Matrix.

So if you allow the above assumption, it's less likely that using Google's CDN would present this problem.

[mattmanser]

So they've never heard of jQuery, but they won't think that googleapis.com looks like a dodgy site as it's trying to pretend to be google.com?

[VLM]

Now that the secret's out, that google won't be blocked, expect the next wave of malware to be served from drive.google.com public links.

There might, just possibly, be a meta lesson here that whack-a-mole blocking doesn't work and is basically a lost cause / waste of time. Try solving the problem another way.

On the other hand, its excellent security theater operating perfectly. Sometimes security is inconvenient, therefore anything inconvenient must be secure, therefore this is great PR.

[ftfish]

I believe that countries that block Google block all their domains, including their CDN. This was actually an issue once when one of my "projects" was used by co-workers in China.

Regardless of which CDN you use, having a fallback is a must (see rmrfrmrf's post). Also, if you are making a website (as opposed to a web app), it really shouldn't "break" without JavaScript/jQuery.

[rmc]

Well let's assume that each URL or domain that is blocked is reviewed by a human who's paid to look at content, not necessarily to have technical knowledge.

That's unlikely. Some parental control filters from ISPs were blocking big name childrens charities like Childline. If they blocked that, then that shows they are very incompetent