Re: Security / Technical feedback on subresource integrity specification

On Tue, Jan 19, 2016 at 8:37 PM, Francois Marier <francois@mozilla.com>
wrote:

> On 18/01/16 05:36 PM, Mhano Harkness wrote:
> > Perhaps a future version could support something like the below (or some
> > other mechanisms to support graceful and secure fall back in case the
> > CDN is not available, the user agent doesn't understand the new
> > directive, etc.):
>
> One thing that was pointed out to me by one of the developers of a large
> site is that the use of a CDN is not always optional. In their case, if
> static resources were to fall back to the main webserver, it would bring
> it to its knees.
>
> Another point that was raised is that if you have two copies of a
> resource (one on the CDN and one local), you need to ensure that they
> are always in sync and that you test both


In addition to the above, I'm not sure it makes sense to bake a fallback
strategy into the browser.  Any fallback strategy is going to have pitfalls
of the type Francois mentions, so different ones are going to be
appropriate for different sites.  And it's something that sites can already
polyfill -- just check whether the resource in question loaded, and if not,
add it to the DOM yourself.

--Richard

Received on Wednesday, 20 January 2016 16:00:36 UTC
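
The polyfill approach described in the reply above, as an added example that is not part of the original message or of the SRI specification. The function name, its parameters, the URLs and the hash are assumptions made for illustration.

```javascript
// Added example. loadWithFallback and its parameters are hypothetical names.
// `doc` is the page's `document`; passing it in keeps the function testable.
function loadWithFallback(doc, sources, integrity, onDone) {
  // A UA without SRI ignores the attribute, so report whether the hash is
  // actually enforced and let the site decide what to do in that case.
  const sriEnforced = 'integrity' in doc.createElement('script');
  const failed = [];

  function tryNext(i) {
    if (i >= sources.length) {
      onDone(new Error('no copy loaded: ' + failed.join(', ')), null);
      return;
    }
    const el = doc.createElement('script');
    el.src = sources[i];
    // Same hash on every copy: a CDN copy and a local copy that have drifted
    // out of sync cannot both pass, so the mismatch surfaces as a load error.
    el.integrity = integrity;
    el.crossOrigin = 'anonymous'; // cross-origin SRI needs a CORS fetch
    el.onload = () => onDone(null, { src: sources[i], sriEnforced, failed });
    // `error` fires for network failures and for integrity mismatches alike.
    el.onerror = () => {
      failed.push(sources[i]);
      el.remove();
      tryNext(i + 1);
    };
    doc.head.appendChild(el);
  }
  tryNext(0);
}

// Usage in a page (constructed URLs and placeholder hash):
// loadWithFallback(document,
//   ['https://cdn.example/lib.js', '/static/lib.js'],
//   'sha384-<base64 digest of lib.js>',
//   (err, info) => { if (err) console.error(err); });
```

The `failed` list in the callback is worth logging: a CDN entry there means either an outage or a copy that no longer matches the hash.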