
Hard copy of CDN assets, security, Production


I have a dotnet core server and I want to get the jQuery and bootstrap files.

My question is: on production-grade software, can I use a hard copy, with the server updating the hard copy of the files on a daily basis from the Microsoft CDN, or should I follow the warning and let the client get their copy directly from the CDN?

Is there a security issue when using this method?

https://learn.microsoft.com/en-us/aspnet/ajax/cdn/overview

Warning: Production applications should not take a hard dependency on CDN assets. Applications should test for the CDN asset referenced, and use a fallback asset when the CDN is not available.


Solution

  • Using a CDN isn't a security risk, but it does mean your application won't work properly if the CDN provider is down (shouldn't happen often, but can happen).

    For why you would or wouldn't want to use a CDN, I'll defer to more informed folks.

    If you decide you want to avoid using a CDN, simply go to the CDN link you have, copy the text, save it to a file, and include that file in your app. Point all your links to this file instead of the CDN.

    This will not "auto-update" the file as you've asked for, but IMHO auto-updating a dependency like jQuery is a decidedly bad idea, as doing so daily will almost certainly break your application at some point. Other libraries you use depend on specific versions of things; changing a dependency like that should be done with caution and tested thoroughly before release, definitely not via an automated process.

    FYI, the CDN files you speak of should NEVER change. That is, https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js will never change. The content of CDN files is meant to remain constant always. If the library is updated, a NEW CDN file with a new name (probably with an updated version number) will be created, but the old file will still be there with the old name and the same content.

    Regarding this bit:

    Warning: Production applications should not take a hard dependency on CDN assets. Applications should test for the CDN asset referenced, and use a fallback asset when the CDN is not available.

    Basically, this seems to be saying, "Don't design your application so that it simply links to the CDN file and, if the file is not present, your app fails. Instead, link to the CDN, but your code should check that the CDN file was loaded and, if not, try to load it from a different location."

    Personally, I prefer a local copy of the needed file (preferably minified) in most cases and avoid CDNs, unless I'm building something that has a specific need to keep the total project size as small as possible.
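    The "link to the CDN, check it loaded, fall back to a local copy" pattern the answer describes is what ASP.NET Core's script tag helper does, shown here as an added example in a Razor layout (not code from the original post). The local path `~/lib/jquery/dist/jquery.min.js` is assumed, and the `integrity` value is a placeholder: compute the SRI hash from the exact file you ship, since that hash is what turns "the CDN file never changes" from an assumption into something the browser verifies.

```html
@* Weak form: a hard dependency on the CDN. If the CDN is unreachable,
   window.jQuery is undefined and every dependent script fails. *@
<script src="https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js"></script>

@* Preferred form, as in the default ASP.NET Core layout:
   - Development serves the local copy only, so offline work still builds.
   - Everywhere else, the CDN is tried first; asp-fallback-test is run
     after the script tag, and if it is falsy the asp-fallback-src file
     is loaded instead.
   - integrity + crossorigin make the browser refuse a CDN response
     whose bytes differ from the hash you recorded at build time. *@
<environment include="Development">
    <script src="~/lib/jquery/dist/jquery.min.js"></script>
</environment>
<environment exclude="Development">
    <script src="https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js"
            asp-fallback-src="~/lib/jquery/dist/jquery.min.js"
            asp-fallback-test="window.jQuery"
            crossorigin="anonymous"
            integrity="sha256-PLACEHOLDER_COMPUTE_FROM_THE_FILE_YOU_SHIP">
    </script>
</environment>
```

    Because the hash is pinned to one version, a daily overwrite of the local copy would break the pin; updating the library means changing the URL, the hash and the local file together, and testing the result, exactly the deliberate upgrade the answer recommends.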