-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New version negotiation mechanism makes updates impossible for cached resources #66
Comments
One idea: change the Additional idea, which could combine with that one or be independent: network errors due to mismatched origin policies on cached documents cause a refetch from the server, similar to a cache miss. I'm unsure whether these are minor reasonable tweaks to a reasonable model, or desperate attempts to patch a broken model. I think it comes down to how important one thinks "one origin policy per origin" is. |
OK, so, I think this comes down to a choice between two main designs. One is an evolution of the current design, and one is an evolution of the previous design, but they're different enough that it's easier to just lay them out independently. Multiple
|
It would be useful to hear from @arturjanc, @n8schloss, and others about deployment tradeoffs I think. I personally tend to agree that for something called Origin Policy we really ought to aim for having one and only allow multiple due to caching. |
The "reload the page from network if its cached In the above scenarios, it is the cached page that is older (by construction), but it could easily be the other way around. Indeed, normally when we see a mismatch between an allowed=() value and the current origin policy, we re-fetch the origin policy. You could try to fix that by ... refetching whichever cached thing is older? ... but that seems messy. So for now at least, I'll omit that. People should be sure to include both |
The newish version negotiation mechanism (introduced in #47) has a pretty fatal flaw. Consider the following scenario:
https://example.com/static-page.html
.Cache-Control: max-age=86400
.Origin-Policy: allowed=("policy-1")
"policy-1"
to"policy-2"
, for some good reason.static-page.html
) to sendOrigin-Policy: allowed=("policy-1" "policy-2"); preferred="policy-2"
, of course.https://example.com/dynamic-page.html
for the first time.Cache-Control: no-store
.Origin-Policy: allowed=("policy-1" "policy-2"); preferred="policy-2"
header, so it uses"policy-1"
for the initial load, but updates thehttps://example.com/.well-known/origin-policy
cache entry to contain"policy-2"
in the background.https://example.com/dynamic-page.html
use"policy-2"
, as intended.https://example.com/static-page.html
.Origin-Policy: allowed=("policy-1")
...https://example.com/.well-known/origin-policy
is"policy-2"
, which is not in the allowed list...https://example.com/static-page.html
---oh no.Notably, this problem did not happen with the previous design, because the previous design didn't restrict us to one origin policy per origin; instead it had multiple origin policies, at different URLs of the formUpon re-reading, the previous design handled this in a different (but also somewhat broken) way. Visiting the cached page would update the default origin policy for the origin back to the old policy. The impact of this was somewhat limited: it threw away the (at that time normative) in-memory cache, and made it so that pages without thehttps://example.com/.well-known/origin-policy/$policy-name
.Sec-Origin-Policy
header got the old policy.This problem is also exacerbated by the change that allows any resource to deliver
Origin-Policy
headers; although a long-lived HTML page is a bit rare these days, a long-lived image or JS bundle is common.Having one origin policy per origin seems like an intuitively good thing. But, maybe it is not really something you can reconcile with the existence of a HTTP cache; as long as pages exist in the cache with a preference for an old version of the origin policy, it seems you need to keep that old version around.
I'll continue thinking about potential ways to fix this, but thoughts would be welcome...
The text was updated successfully, but these errors were encountered: