[w3c/ServiceWorker] Cache API: Cache-Control headers and Opaque Responses (#1299) from Joshua Bell on 2018-04-05 (public-webapps-github@w3.org from April 2018)

From: Joshua Bell <notifications@github.com>
Date: Thu, 05 Apr 2018 11:11:33 -0700
To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/ServiceWorker/issues/1299@github.com>

By design, the Cache API does not respect cache-control headers; storing and deleting is done explicitly via the API. For non-opaque responses, this doesn't extend the capabilities of script; a non-opaque response could be read and a synthetic response with the same content stored instead.

As @mkruisselbrink raises in https://bugs.chromium.org/p/chromium/issues/detail?id=828420 though, _"the interesting question is indeed what to do about CacheControl headers on opaque responses, as arguably there it was the intention of the server that it shouldn't be stored. "_

(Failing the store would presumably itself be an information leak...)


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/ServiceWorker/issues/1299

Received on Thursday, 5 April 2018 18:11:55 UTC