
List:       fedora-devel-list
Subject:    Re: F23 System Wide Change: jQuery
From:       Reindl Harald <h.reindl () thelounge ! net>
Date:       2015-06-29 14:46:06
Message-ID: 55915A2E.20906 () thelounge ! net

On 29.06.2015 at 16:37, Vít Ondruch wrote:
> On 29.6.2015 at 16:20, Reindl Harald wrote:
>>
>> On 29.06.2015 at 16:13, Vít Ondruch wrote:
>>>> That doesn't really help, since the main advantage to this Change
>>>> Proposal is having a single package to update when fixes are needed,
>>>> but nearly all web applications take pieces of jQuery out and minify
>>>> them (taking only the parts they need in order to reduce download and
>>>> processing time to speed up execution).
>>>
>>> Honestly, how many web applications do we have packaged?
>>>
>>> And also, I am not convinced that the practice "take out some part of
>>> jQuery and minify it" is worth the effort and is good practice, since
>>> that way, you probably avoid all caching mechanisms on the way from your
>>> server to the user's browser. Of course the question is if the browsers
>>> are smart enough to keep a cached single copy of jQuery once they download
>>> it ....
>>
>> the question is simply answered: caching is based on domain *and* URI
>> including all params, always, anywhere for proxies as well as for
>> browsers and no browser is in a position to try to be smart in that
>> context because any other behavior would be broken
>>
>> a web client is not allowed to say "hey, i have a /jquery.js in the
>> cache from application A and re-use it for application B" because that
>> would be an *easy* attack vector
>
> If a web client had a chance to say "hey, i have a /jquery.js in the
> cache from application A with checksum 'bla', I can reuse it for
> application B, since it requests /jquery.js with the same checksum".
> Actually just checking checksums could be enough. But nobody implemented
> it yet I guess.

it doesn't work that way and it won't ever work that way because you would
need to implement that feature in any server, any client and any proxy
software out there after getting it into the HTTP RFC which is unlikely to
ever happen

so the whole question is far outside the scope of the topic
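
The cache-key behaviour discussed in this thread, as a simplified model added here (not part of the original message and not any browser's or proxy's code): a cache keyed on the full URL keeps each application's /jquery.js separate, while a hypothetical path-only cache hands application B the bytes fetched for application A. The hosts, bodies and the `ModelCache` class are constructed for illustration.

```javascript
// Simplified model: a cache keyed on the full URL (scheme + host + port +
// path + query) next to a hypothetical cache keyed on the path alone.
// All hosts and response bodies below are constructed sample data.

function fullUrlKey(rawUrl) {
  const u = new URL(rawUrl);
  // u.origin covers scheme, host and port; u.search keeps every parameter.
  return u.origin + u.pathname + u.search;
}

function pathOnlyKey(rawUrl) {
  // Hypothetical "smart" client that ignores the domain, for contrast only.
  return new URL(rawUrl).pathname;
}

class ModelCache {
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.entries = new Map();
  }
  // Returns the stored body on a hit; otherwise fetches, stores and returns it.
  get(rawUrl, fetchBody) {
    const key = this.keyFn(rawUrl);
    if (!this.entries.has(key)) {
      this.entries.set(key, fetchBody(rawUrl));
    }
    return this.entries.get(key);
  }
}

// Constructed origin servers: two applications that both expose /jquery.js.
const SERVERS = {
  "https://app-a.example": "/* jquery build shipped by application A */",
  "https://app-b.example": "/* jquery build shipped by application B */",
};
const fetchBody = (rawUrl) => SERVERS[new URL(rawUrl).origin];

function simulate(keyFn) {
  const cache = new ModelCache(keyFn);
  const a = cache.get("https://app-a.example/jquery.js", fetchBody);
  const b = cache.get("https://app-b.example/jquery.js", fetchBody);
  const bVersioned = cache.get("https://app-b.example/jquery.js?v=2", fetchBody);
  return { a, b, bVersioned, entryCount: cache.entries.size };
}

const strict = simulate(fullUrlKey);  // one entry per distinct URL
const shared = simulate(pathOnlyKey); // B's requests are answered from A's entry
console.log(strict.entryCount, shared.entryCount, shared.b === shared.a);
```
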

