F23 System Wide Change: jQuery

Vít Ondruch vondruch at redhat.com
Mon Jun 29 14:37:18 UTC 2015


On 29.6.2015 at 16:20, Reindl Harald wrote:
>
> On 29.06.2015 at 16:13, Vít Ondruch wrote:
>>> That doesn't really help, since the main advantage to this Change
>>> Proposal is having a single package to update when fixes are needed,
>>> but nearly all web applications take pieces of jQuery out and minify
>>> them (taking only the parts they need in order to reduce download and
>>> processing time to speed up execution).
>>
>> Honestly, how many web applications do we have packaged?
>>
>> And also, I am not convinced that the practice "take out some part of
>> jQuery and minify it" is worth the effort and is good practice, since
>> that way, you probably avoid all caching mechanisms on the way from your
>> server to the user's browser. Of course the question is if the browsers
>> are smart enough to keep a single cached copy of jQuery once they download
>> it ....
>
> the question is simply answered: caching is based on domain *and* URI
> including all params, always, anywhere for proxies as well as for
> browsers and no browser is in the position trying to be smart in that
> context because any other behavior would be broken
>
> a web client is not allowed to say "hey, i have a /jquery.js in the
> cache from application A and re-use it for application B" because that
> would be an *easy* attack vector

If a web client had a chance to say "hey, i have a /jquery.js in the
cache from application A with checksum 'bla', I can reuse it for
application B, since it requests /jquery.js with the same checksum".
Actually just checking checksums could be enough. But nobody has
implemented it yet, I guess.


Vít
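
Added example, not part of the original message: a toy Python model of the three cache lookup policies discussed in this exchange (domain plus URI, path only, and checksum). The Cache class, the origins and the script bodies are constructed for illustration and do not model any real browser.

```python
import hashlib

# Constructed sample bodies; not real jQuery releases.
GENUINE = b"/* jquery (constructed sample) */ function $(){}"
TAMPERED = b"/* jquery (constructed sample) */ function $(){/* altered */}"

def checksum(body: bytes) -> str:
    return hashlib.sha256(body).hexdigest()

class Cache:
    """Toy client cache with three lookup policies (hypothetical model)."""
    def __init__(self):
        self.by_url = {}   # (origin, path) -> body
        self.by_sum = {}   # sha256 hex digest -> body

    def store(self, origin, path, body):
        self.by_url[(origin, path)] = body
        self.by_sum[checksum(body)] = body

    def lookup_origin_and_path(self, origin, path):
        # Policy from the quoted reply: the key is domain *and* URI.
        return self.by_url.get((origin, path))

    def lookup_path_only(self, path):
        # Unsafe policy: any origin's copy of the same path is reused.
        for (_, cached_path), body in self.by_url.items():
            if cached_path == path:
                return body
        return None

    def lookup_checksum(self, expected):
        # Checksum policy: reuse across origins only when the cached bytes
        # hash to the checksum the requesting page declares.
        body = self.by_sum.get(expected)
        return body if body is not None and checksum(body) == expected else None

def demo():
    cache = Cache()
    # Application A has served an altered file under the usual path.
    cache.store("https://app-a.example", "/jquery.js", TAMPERED)
    want = checksum(GENUINE)  # application B declares the checksum it expects
    results = {
        "origin_and_path": cache.lookup_origin_and_path("https://app-b.example", "/jquery.js"),
        "path_only": cache.lookup_path_only("/jquery.js"),
        "checksum_miss": cache.lookup_checksum(want),
    }
    # A third site serves the genuine bytes under a different path.
    cache.store("https://app-c.example", "/static/jq.min.js", GENUINE)
    results["checksum_hit"] = cache.lookup_checksum(want)
    return results
```

Under the path-only policy application B receives application A's altered bytes, while the checksum policy misses until a copy with the declared digest is cached, and then hits regardless of which origin or path delivered it.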



