How to still cache across sites
How to still cache across sites
Posted Feb 1, 2021 11:16 UTC (Mon) by ras (subscriber, #33059)In reply to: How to still cache across sites by excors
Parent article: Firefox 85 released
> There's also stuff like https://github.com/w3c/server-timing/issues/67 where a cached HTTP header can be used as an identifier (which wouldn't be protected by your scheme if you're hashing just the response's body; and you probably can't hash headers without breaking HTTP proxies).
Sigh. I hadn't thought of headers. But this is a new sort of fetch, and for this sort you could say "you don't get access to no stink'in headers". Or perhaps just you get access to harmless pre-defined set, similar to what CORS allows.
In any case this can't be a replacement as not everything is immutable. You still need to do the cache isolation for the non-immutable stuff. It can only be an addition that elminates the impacts of the cache isolation for stuff that doesn't need it.