When we included the slideshow JS library in our webpage in the previous talk-through, we typed this URL: https://cdn.rawgit.com/pamelafox/a8b77c43f56da1753348/raw/slideshow.js
That URL is an "absolute" URL, which means that it includes the protocol and domain. When we include JS libraries in the Khan Academy environment, we must use an absolute URL so that the environment knows the full path to the library.
If you were working on a webpage on your own computer and you had all the files downloaded, then you could use a "relative" URL instead, like simply slideshow.js or lib/slideshow.js if it was inside a folder named lib. When you're working locally, make sure you open up your browser's network panel to make sure it found all the local resources like your JS files and CSS files. If the browser couldn't find a resource, you'll see a 404, and you can debug the URL and file location.
Now, back to this URL: https://cdn.rawgit.com/pamelafox/a8b77c43f56da1753348/raw/slideshow.js
The protocol is https - that means it’s a secure URL. We only allow you to bring in secure resources in Khan Academy webpages, and that's a best practice in web development. Not all servers have SSL enabled yet, however, so you may sometimes have to start URLs with http in your projects.
The server is cdn.rawgit.com, and it's an example of a "CDN" - a "content delivery network." CDNs are optimized for serving static files like JS libraries and serving them very quickly. There are a few big CDNs that host multiple JS libraries (like Google's CDN and cdnjs), and there are some libraries that have their own dedicated CDN.
When you bring a JS library into your webpage from a CDN -- or any server that's not your own -- you should trust that server. A malicious server could replace the JS library with code that stole your user's data and sent it somewhere, and you certainly don't want that to happen!
On Khan Academy, we use a security mechanism called CSP in our webpage environment to make sure that you can only bring in resources from servers we trust: bootstrapcdn.com, rawgit.com, googleapis.com, jsdelivr.net, and cdnjs.com.
On your own websites, you'll need to make the decision whether to serve the JS library from your own server or include it from an external CDN. Most big websites decide to host libraries on their own server, because they can have more control and make optimizations like combine multiple libraries into a single JS file for better loading performance. It's up to you -- just keep in mind everything we talked about here!