Re: [whatwg] Fetch Objects and scripts/stylesheets

Ben Maurer <> writes:

> Another concrete example with <img> tags: sometimes an abusive user will
> use a site like Facebook as a CDN -- they'll upload a picture and hotlink
> it from elsewhere. We could insert a time-stamped authentication token as a
> custom header. Today we sometimes do this via the query string -- giving
> the user a token that lasts for a few days. This means we bust the user's
> cache every time we rotate the token. With a custom header, the browser
> cache stays in tact.

Why not just check the referer or origin header and act on that?

> Images would also be a great example of where logging headers could be
> extremely helpful. For example, we could log what module within a page
> rendered an image and monitor bandwidth usage and CDN cache hit rate on a
> per module basis. In the past it's taken us a long time to debug issues
> that could easily be found with this method.

This means more analytics and logging – privacy intrusions justified by
the sheer complexity of systems created by several thousand monkeys on
thousands of electronic typewriters. Incidentally, more fingerprinting.

I do not see any immediate benefit to the user here.

Nils Dagsson Moskopp // erlehmann

Received on Thursday, 14 August 2014 15:29:03 UTC