I raised this exact scenario to @sleevi_ and @metromoxie during the SRI spec. Lately I've been trying to convince @jyasskin to work on a content addressable cache spec. There's just no reason why the Web should be limited to rich countries with fast data and expensive CDNs.https://twitter.com/meyerweb/status/1026848459515723777 …
of course then you'd need some way for either the user or the server to tell the browser when it's okay to leak request paths to the network
-
-
Unauthenticated often still means sensitive. Even if that wasn't the case at one time, the site or the world can change to make it so. Local caching would be a safer place to start, at least, even bearing in mind the complexities of data deletion etc.
-
but e.g. for publicly accessible images/videos, hosted on a domain without sensitive cookies, the only sensitive data is the fact that a specific client requested that resource. users might care about that, and should be able to decide whether that's okay, but it's a tradeoff
- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.