RE: What constitutes protection [was: About using CORS]

On Tuesday, May 04, 2010 9:36 PM Dirk Pranke wrote:
> 
> On Tue, May 4, 2010 at 2:01 PM, Levantovsky, Vladimir
> <Vladimir.Levantovsky@monotypeimaging.com> wrote:
> >
> > Can you please elaborate a bit more on this whole issue? It seems
> > that a CDN should be completely transparent to the UA, and that content and
> > resources such as CSS and fonts would appear to a browser as coming
> > from the same origin it was requested from, regardless of whether a CDN is
> > used or not. So, if content in fact comes from a CDN - how does it
> > affect the same-origin restriction?
> >
> 
> If you go to 'www.cnn.com', the CSS files are served from
> 'i.cdn.turner.com', which is a CDN (presumably) on a different origin
> than the requesting page. This type of usage is extremely common,
> because the CDN gets a different (usually smaller) set of cookies than
> the origin server (and hence the requests are usually received
> faster).
> 

Yes, I can see this in their source, which seems to indicate that this is how they designed the site. It appears that they set up their own CDN (or at least they have a server they named cdn.turner.com) where stylesheets, JavaScript files and other resources live, and the content comes from the main server cnn.com.
I am curious about a CDN like Akamai that creates and keeps multiple local copies of site content. When I click on the link to a page and the UA receives the content back - what is the difference between the cases when the response is coming from the original server vs. cached CDN content? The content itself is the same; does the UA actually see that it is coming from a CDN?

Thank you,
Vlad

Received on Wednesday, 5 May 2010 12:18:37 UTC