- From: Mark Nottingham <notifications@github.com>
- Date: Tue, 24 Nov 2015 17:44:01 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Wednesday, 25 November 2015 01:44:29 UTC
FWIW - I think this is a bit different than `only-if-cached`. The problem there is that it makes it possible to probe the cache without any corresponding traffic being emitted to the server, making it a passive attack. Exposing `fromCache` doesn't do that; if someone tries to use it for probing, it will still emit traffic. What it does do is *slightly* improve confidence as opposed to cache timing attacks (but they're pretty conclusive anyway, AIUI). --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/40#issuecomment-159460619
Received on Wednesday, 25 November 2015 01:44:29 UTC