Re: dont-revalidate Cache-Control header

On 16 July 2015 at 10:38, Guille -bisho- <> wrote:
> The risk is still the typical ga.js url embedded in all websites. If a
> bug/hack makes that static, you will need to ask all site owners to go and
> change the url to something else, which will take ages.

Shift-reload is a tool we provide our users to get around this class of problem.

Also, we like to engineer security systems that don't have a
point-in-time compromises of a system resulting in a persistent

Maybe we should look for alternatives.  If Facebook wanted to
construct a service worker that handled fetch events for "static"
resources and manage its own cache, we can't really stop that from
happening.  We can't stop you from blocking your own requests after

Note that this wouldn't work if the resources were requested by
another origin unless you want to support foreign fetch events for
service workers.

Received on Thursday, 16 July 2015 18:01:36 UTC