W3C home > Mailing lists > Public > whatwg@whatwg.org > July 2009

[whatwg] In AppCache web apps, images from unpredictable domains won't load

From: Michael Nordman <michaeln@google.com>
Date: Mon, 6 Jul 2009 14:05:13 -0700
Message-ID: <fa2eab050907061405h27b65256l18a719bf70e88d71@mail.gmail.com>
Couple of comments...

1) Aaron's comment was not about caching them at all, it was about referring
to them from a cached application and having them load via the network as
usual. "Step 5" gets in the way of that.

2) The spec already allows for cross-origin caching, they can be explicitly
listed in a manifest file.

On Mon, Jul 6, 2009 at 1:28 PM, Jonas Sicking <jonas at sicking.cc> wrote:

> On Mon, Jul 6, 2009 at 11:46 AM, Aaron Whyte<awhyte at google.com> wrote:
> > When a page is loaded from an AppCache, even when online, external
> resources
> > such as images will not be loaded at all.
> > If foo.com has an image <img src="http://bar.com/img.png" />, then
> according
> > to the steps in
> >
> http://www.whatwg.org/specs/web-apps/current-work/multipage/offline.html#changesToNetworkingModel
> > it will fail the load for the resource.
> > For example, someone with an Offline Gmail client would never be able to
> see
> > cross-domain images in emails, even when completely online.
> > There's no workaround in the current spec.
> The workaround is for the gmail to download the images to gmails
> servers and then serve them from a google domain. Not as simple as
> simply being able to cache urls from other servers I agree, but doing
> multi domain application caches is very complicated from a security
> point of view so I think we wanted to stay clear of it for the first
> iteration of the spec.
> / Jonas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090706/c19bdefa/attachment-0001.htm>
Received on Monday, 6 July 2009 14:05:13 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:14 UTC