W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2015

Re: Caching of web content based on hashes?

From: Richard Barnes <rbarnes@mozilla.com>
Date: Thu, 3 Sep 2015 11:04:51 -0400
Message-ID: <CAOAcki9Zd9N6QTsOANc5wdEu25fbQ0YQh7QMQyjKABSX8+Bzew@mail.gmail.com>
To: Christian Nygaard <christiannygaard@gmail.com>
Cc: WebAppSec WG <public-webappsec@w3.org>
This was discussed during the development of SRI.  It was not added because
it would provide the ability for a calling site to "speak for" another
origin, in the sense that the browser would load the content even the
origin server would have sent something completely different.


On Wed, Sep 2, 2015 at 5:33 PM, Christian Nygaard <
christiannygaard@gmail.com> wrote:

> Is it possible to extend the Subresource integrity specification to allow
> for caching of web content based on hashes instead of max-age? This would
> allow for longer caching of objects and may speed up the web due to making
> cache control easier for web developers and proxies.
> http://w3c.github.io/webappsec/specs/subresourceintegrity/
> Best regards,
> Christian Nygaard
Received on Thursday, 3 September 2015 15:05:20 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:51 UTC