[whatwg] Caching of identical files from different URLs using checksums
ian at hixie.ch
Thu Jun 7 15:10:57 PDT 2012
On Fri, 17 Feb 2012, Sven Neuhaus wrote:
> Google's. The benefits are:
> the CDN and not from the site that uses them
> * If enough sites refer to the same external file, the browser will cache the file and even if
> There are however some drawbacks to this approach:
> * Security: The site operator is trusting an external site. If the CDN serves a malicious file
> it will directly lead to code execution in browsers under the domain settings of the site
> including it (a form of cross site scripting).
> * Availability: The site depends on the CDN to be available. If the CDN is down the site may not
> be available at all.
> * Privacy: The CDN will see requests for the file with HTTP referer headers for every visitor
> of the site.
> * Extra DNS lookup if file is not already cached
> * Extra HTTP connection (can't use persistent connection because it's a different site) if file is not cached
> I am proposing a solution that will solve all these problems, keep the
> benefits and offers some extra advantages:
> 1. The site stores a copy of the library file(s) on its own site.
> 2. The web page includes the library from the site itself instead of from the CDN
> 3. The script tag specifies a checksum calculated using a cryptographic hash function.
This kind of thing has been proposed a number of times. Unfortunately,
each time it has not gotten traction from browser vendors. I recommend
approaching browser vendors directly and encouraging them to implement
a solution along these lines.
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg