I fully support this proposal. In addition to APIs, I'd like to propose prohibiting caching any resources loaded over insecure HTTP, regardless of Cache-Control header, in Phase 2.N. The reasons are: 1) MITM can pollute users' HTTP cache, by modifying some JavaScript files with a long time cache control max-age. 2) It won't break any websites, just some performance penalty for them. 3) Many website operators and users avoid using HTTPS, since they believe HTTPS is much slower than plaintext HTTP. After deprecating HTTP cache, this argument will be more wrong. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
- Re: Intent to deprecate: In... commodorejohn
- Re: Intent to deprecate: In... Patrick McManus
- Re: Intent to deprecate: In... Mike Hoye
- Re: Intent to deprecate: Insecu... Cameron Kaiser
- Re: Intent to deprecate: In... commodorejohn
- Re: Intent to deprecate: In... Cameron Kaiser
- Re: Intent to deprecate: Insecure HTTP Gervase Markham
- Re: Intent to deprecate: Insecure HTTP bryan . beicker
- Re: Intent to deprecate: Insecure HTTP Boris Zbarsky
- Re: Intent to deprecate: Insecure HTTP Richard Barnes
- Re: Intent to deprecate: Insecure HTTP Eugene
- Re: Intent to deprecate: Insecure HTTP Martin Thomson
- Re: Intent to deprecate: Insecure HTTP Richard Barnes
- Re: Intent to deprecate: Insecure HTTP northrupthebandgeek
- Re: Intent to deprecate: Insecure HTTP imfasterthanneutrino
- Re: Intent to deprecate: Insecure HTTP Karl Dubost
- Re: Intent to deprecate: Insecure HTTP Anne van Kesteren
- Re: Intent to deprecate: Insecure HTTP Boris Zbarsky
- Re: Intent to deprecate: Insecure HT... Robert Kaiser
- Re: Intent to deprecate: Insecu... Anne van Kesteren
- Re: Intent to deprecate: Insecure HTTP Richard Barnes