On Thu, Jul 16, 2015 at 11:01 AM, Martin Thomson <martin.thomson@gmail.com> wrote: > On 16 July 2015 at 10:38, Guille -bisho- <bishillo@gmail.com> wrote: > > The risk is still the typical ga.js url embedded in all websites. If a > > bug/hack makes that static, you will need to ask all site owners to go > and > > change the url to something else, which will take ages. > > Shift-reload is a tool we provide our users to get around this class of > problem. > I know, but you can't ask end-user to shift-reload easily... :/ > Also, we like to engineer security systems that don't have a > point-in-time compromises of a system resulting in a persistent > attack. > > Maybe we should look for alternatives. If Facebook wanted to > construct a service worker that handled fetch events for "static" > resources and manage its own cache, we can't really stop that from > happening. We can't stop you from blocking your own requests after > all. > > Note that this wouldn't work if the resources were requested by > another origin unless you want to support foreign fetch events for > service workers. > I would like to avoid a system like that. A header or html directive indicating that sub-resources of a given domain must not be revalidated and their ttl is for good will solve all security issues, and still provide a really nice improvement. - If a page adds the header by mistake, can easily remove it. - A page can't self-reference their domain, so no risk of bricking yourself. -- Guille -ℬḭṩḩø- <bishillo@gmail.com> :wq
Received on Thursday, 16 July 2015 18:19:56 UTC