Re: dont-revalidate Cache-Control header

But SRI is for sub resources, meant to be used in an html file. If a
resource is cached in a intermediate proxy, is corrupted, and follows this
new proposal to avoid revalidations, how the clients noticing the
corruption with SRI will force the re-fetch? We might need to ensure the
content is valid before permanente storing it.

To simplify thing we might prefer not to add the hash, but then
specifically mention that static should be used only over https channels
that provide better integrity guarantees.

Or alternatively elaborate in the SRI proposal that the resources cached
that match the hash should never be revalidated, the TTL must be obeyed.
This could be nice, especially given SRI is still a draft and accepting
changes.

-- 
Guille -ℬḭṩḩø- <bishillo@gmail.com>
:wq

Received on Wednesday, 15 July 2015 17:50:39 UTC