Re: HSTS Priming, continued.

On Fri, Nov 6, 2015 at 6:40 PM, Brad Hill <hillbrad@gmail.com> wrote:

> I like it.  Even if you don't want to apply it normatively to navigational
> requests, it might be useful to suggest that the prefetcher, if one exists,
> should perform priming.

Sounds reasonable:
https://github.com/mikewest/hsts-priming/commit/75877a33528c0c3893d599dd5c26864db4538313

That said, the concerns I've heard from folks to whom I've shopped this
proposal have centered around load (especially in geographic regions that
blackhole requests to port 443 in a way that fails slowly rather than
quickly). I'd like to start with something small that won't have a
seriously detrimental impact on load times.

Also, selfishly, it's a lot easier to poke at subresource requests in
Blink, as we can reuse much of the infrastructure that CORS preflights have
paved. Navigations are harder, especially as the implementation is a bit in
flux at the moment.

-mike

Received on Friday, 6 November 2015 17:52:58 UTC