- From: Ian Denhardt <ian@zenhack.net>
- Date: Sun, 20 Dec 2015 16:25:39 -0500
- To: public-webappsec@w3.org
- Message-ID: <145064673948.4372.14728861030824482000@rook>
Hey all, I was bouncing around some ideas the other day and came up with what basically amounts to SRI. I figured someone must have thought of this so asked a friend, and turns out yep, folks are working on it. Interesting thing is: I had a completely different use case in mind for the same mechanism specified. The presence of the integrity attribute could be used for caching purposes. This has some neat properties: * No need to check modification times/etags with the server before using the cached entry; the hash tells you what the content is, so you know whether your cache is up to date without making any extra requests. * As a corollary, cache entries based on integrity don't need to have a notion of expiration. * The cache entry can be valid even for different URLs. For example the browser can download one copy of jquery *ever*, even for sites that link to it on different CDNs. The spec doesn't mention this use case at all. Thoughts? I'm not subscribed to the list, so please Cc me in any responses. -Ian
Received on Sunday, 20 December 2015 21:22:46 UTC