buettner / private-prefetch-proxy

Proposal to use a CONNECT proxy to obfuscate the user IP address for privacy-enhanced prefetching.

How does prefetching work across interfaces / SSIDs? #25

Open magicalo opened 2 years ago

magicalo commented 2 years ago

Is there a document that describes how fetch/use is done in terms of interfaces / SSIDs? For example, if a resource is fetched while on an open Wi-Fi or cellular interface, for example MyFavoriteCoffeShop SSID, will that content then potentially be used when I connect on a more secure SSID MyOfficeSSID?

Is there a way to bind content to an interface type, SSID or network such that content downloaded when on that interface is used ONLY when on that interface? (e.g. only use stuff from the CORP prefetch cache when on the CORP network).

There are a number of security-related concerns with cross-domain content prefetching/rendering. One obvious one is that an enterprise may want to inspect all content, but some of the content could have been cached from outside the enterprise network and used while on the enterprise network via the caching mechanism.

It would be great if there was a mechanism to shard the cached content across interface/SSID/Networks so as to only render content previously downloaded over that same network.

buettner commented 2 years ago

I think this concern applies to the normal HTTP cache too, right?

In any case, prefetched resources are deleted if the user navigates to a page different than the one that was prefetched. Also, prefetched resources are deleted if the user doesn't navigate at all for a few minutes. So the window for this to happen via the prefetch cache is very narrow.

jeremyroman commented 2 years ago

A similar situation exists with pages that are open while the user switches networks -- some fetches may have occurred on one network, and some on another. And in general the network topology could change for reasons completely outside the current device. In general I suspect we should just consider this problem out of scope. A hypothetical browser could use entirely separate browser profiles by network which seems like the only way to do this robustly, at least assuming it's possible for the browser to determine what the network location is.
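The sharding requested in this issue, combined with the two deletion rules described in the first reply, as an added example (not code from the proposal or from any browser). The class name, the `networkId` label (an opaque value the caller derives from interface/SSID), and the five-minute TTL standing in for "a few minutes" are all assumptions.

```javascript
// Hypothetical model of a network-partitioned prefetch cache.
// Assumption: the caller can supply an opaque networkId for the current network.
const PREFETCH_TTL_MS = 5 * 60 * 1000; // assumed value for "a few minutes"

class PartitionedPrefetchCache {
  constructor(now = () => Date.now()) {
    this.now = now;            // injectable clock so expiry can be tested
    this.entries = new Map();  // partition key -> { body, fetchedAt }
  }

  // JSON-encode the pair so a networkId containing separators cannot
  // collide with a different (networkId, url) combination.
  static key(networkId, url) {
    return JSON.stringify([networkId, url]);
  }

  // Record a prefetched response under the network it was fetched over.
  store(networkId, url, body) {
    const key = PartitionedPrefetchCache.key(networkId, url);
    this.entries.set(key, { body, fetchedAt: this.now() });
  }

  // Deletion rule 2: drop prefetches the user has not navigated to in time.
  expire() {
    for (const [key, entry] of this.entries) {
      if (this.now() - entry.fetchedAt >= PREFETCH_TTL_MS) {
        this.entries.delete(key);
      }
    }
  }

  // Called on every navigation. A prefetched body is served only when it was
  // fetched on the network the user is on now. Deletion rule 1 (simplified):
  // any navigation discards all remaining prefetched entries.
  navigate(networkId, url) {
    this.expire();
    const hit = this.entries.get(PartitionedPrefetchCache.key(networkId, url));
    this.entries.clear();
    return hit ? hit.body : null;
  }
}
```

A `null` return means the caller fetches the page over the current network, where any inspection the network applies can see it.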