Do web browsers cache resources with Subresource Integrity (SRI) differently?

I would think that specifying a Subresource Integrity hash on a resource should allow web browsers to cache much more aggressively, and basically always reuse the local copy of the resource.

Is stronger caching for SRI resources implemented (or at least "planned to be implemented") in browsers? So that for example hitting a "[Refresh Page]" button would still make a browser reuse the cached resource? Or is it not? If not, then is it because of some important reasons? Or just "not yet there, but yeah maybe some day"?

Danutadanya answered 29/5, 2018 at 8:13 Comment(1)
The SRI spec defines no requirements at all related to caching in browsers. See w3c.github.io/webappsec-subresource-integrity. Therefore there’s nothing standard implemented for it cross-browser — and so for resources with SRI hashes you can’t expect browsers to do any different caching than what they do for any other resources. If you think there should be some different behavior than that, the place to raise an issue for it is at github.com/w3c/webappsec-subresource-integrity/issues - Ferro

Inspired by @sideshowbarker's comment (thanks!), I browsed the W3C's issue tracker for SRI, and lo and behold, this idea is already tracked, as:

#22 — Consider shared caching

Implementing this caching idea is apparently indeed non-trivial with regard to security and privacy (e.g. because it could be used for tracking whether a user visited a page). Thus, I assume, not yet (if ever) in browsers (though I still can't be 100% sure based on that). And not even yet determined if possible to be implemented in a "safe" way.

Danutadanya answered 29/5, 2018 at 9:32 Comment(1)
You might as well accept your own answer... :-) It was, sadly, the right answer: Yup, good idea except unsafe so probably never-going-to-happen. - Clercq
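The privacy concern raised in the answer above can be seen in a small model. This is an added example, not code from the thread or from any browser: `ModelCache`, the `.example` origins and the placeholder digest are all constructed, and the per-site partitioned design is an assumption included only for comparison.

```javascript
// Toy model of two cache designs for SRI-tagged resources.
// Constructed placeholder; a real value is "sha384-" plus a base64 digest.
const LIB_INTEGRITY = "sha384-CONSTRUCTED-PLACEHOLDER-DIGEST";

class ModelCache {
  // keyFn decides what identifies a cache entry.
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.entries = new Set();
  }
  // Returns "hit" or "miss"; a miss stands for a network fetch and stores the entry.
  load(topLevelSite, url, integrity) {
    const key = this.keyFn(topLevelSite, url, integrity);
    if (this.entries.has(key)) return "hit";
    this.entries.add(key);
    return "miss";
  }
}

// Design A: the idea from the question. The hash alone identifies the
// content, so the entry is shared across URLs and across sites.
const hashKeyed = () => new ModelCache((site, url, integrity) => integrity);

// Design B (assumed for comparison): the embedding site is part of the key.
const sitePartitioned = () =>
  new ModelCache((site, url, integrity) => `${site}|${url}|${integrity}`);

// The user may or may not have visited first.example, which loads a library
// with an integrity attribute. second.example then references the same
// digest and gets either a hit or a miss.
function observedBySecondSite(cache, visitedFirstSite) {
  if (visitedFirstSite) {
    cache.load("https://first.example", "https://cdn.example/lib.js", LIB_INTEGRITY);
  }
  return cache.load("https://second.example", "https://other-cdn.example/lib.js", LIB_INTEGRITY);
}

// A design leaks browsing history if the second site's outcome depends on
// whether the first site was visited.
function leaksVisit(makeCache) {
  return observedBySecondSite(makeCache(), true) !== observedBySecondSite(makeCache(), false);
}

console.log("hash-keyed shared cache leaks visit:", leaksVisit(hashKeyed));
console.log("site-partitioned cache leaks visit:", leaksVisit(sitePartitioned));
```

The hash-keyed design gives the cross-site reuse the question hopes for, and that same reuse is the signal that reveals the earlier visit; keying by site removes the signal and the sharing together.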
