On Oct 18, 2017, at 8:51 AM, Andy Goth wrote:
>
> style-$hash2.css where $hash2 is a hash (or prefix thereof)
> of the contents of style.css, possibly combined with the Fossil checkin
> prefix.
If style.css is stored as a Fossil artifact, we get that for free.
If it’s stored in SQL, Fossil coul
On 10/18/17 09:46, Warren Young wrote:
On Oct 18, 2017, at 8:27 AM, Warren Young wrote:
On Oct 18, 2017, at 7:04 AM, Richard Hipp wrote:
I'll have to add a "/fossil.js” resource
While you’re about it, I’d suggest shipping /fossil-$hash.js instead
and setting a multi-year Expires header for
On Oct 18, 2017, at 8:27 AM, Warren Young wrote:
>
> On Oct 18, 2017, at 7:04 AM, Richard Hipp wrote:
>> I'll have to add a "/fossil.js” resource
While you’re about it, I’d suggest shipping /fossil-$hash.js instead and
setting a multi-year Expires header for the file so that it only has to be
On 18 October 2017 at 15:32, Stephan Beal wrote:
> LOL. Turing and his silly Test - that's why we can't have nice things.
nitpicking: it's not about the test, but about the completeness (AKA
the halting problem)
--
Javier
___
fossil-users mailing list
On Wed, Oct 18, 2017 at 4:27 PM, Warren Young wrote:
> If you have any Ajax calls back to the remote fossil executable and they
> ship back
On Oct 18, 2017, at 7:04 AM, Richard Hipp wrote:
>
> On 10/18/17, Warren Young wrote:
>> On Oct 18, 2017, at 3:44 AM, Warren Young wrote:
>>>
>>> The more web apps that ship with stringent Content-Security-Policy
>>> headers, the fewer arguments we’ll have for allowing JS on web pages.
>
> I'
On 10/18/17, Lonnie Abelbeck wrote:
>
> Doesn't HTTPS solve this problem ?
>
HTTPS solves a different problem. See
https://content-security-policy.com/presentations/ for some
presentations that describe the problem that CSP solves.
--
D. Richard Hipp
d...@sqlite.org
On Oct 18, 2017, at 8:04 AM, Richard Hipp wrote:
> On 10/18/17, Warren Young wrote:
>> On Oct 18, 2017, at 3:44 AM, Warren Young wrote:
>>>
>>> The more web apps that ship with stringent Content-Security-Policy
>>> headers, the fewer arguments we’ll have for allowing JS on web pages.
>
> I'd
On Wed, Oct 18, 2017 at 3:04 PM, Richard Hipp wrote:
> as
On 10/18/17, Warren Young wrote:
> On Oct 18, 2017, at 3:44 AM, Warren Young wrote:
>>
>> The more web apps that ship with stringent Content-Security-Policy
>> headers, the fewer arguments we’ll have for allowing JS on web pages.
I'd never heard of Content-Security-Policy before. A quick scan
s
10 matches
Mail list logo