dcposch / scramble

Secure email for everyone
http://dcposch.github.io/scramble/

Use html App Cache to permanently cache scramble.io #20

Open feross opened 11 years ago

feross commented 11 years ago

I just talked with @substack here in Ireland at Nodeconf.eu and he had a cool thought about how to permanently cache a website so that it will never make http requests after the first page load.

The App Cache feature of html5 lets you cache static website resources so that your app can work offline. There's a manifest file that lets you specify what files should be cached. As I understand it, the browser regularly refetches the manifest file to keep files up to date, learn about new files to be cached, etc.

Now, here's the clever part. If you tell the browser to also cache the manifest file, then it will never refetch it and your app is permanently fixed. Even if the server gets hacked, it doesn't matter because the app won't ever make new http requests.

There also might be a way to let the user manually trigger an update from the client if they're so inclined, but it wouldn't ever happen automatically.

(cc @dominictarr)

dcposch commented 11 years ago

Interesting! Worth trying out.


feross commented 11 years ago

This is a lot better than a chrome extension imo, since it will work cross-browser by default. You won't need to do a chrome, firefox, safari, etc. extension.

I'll investigate this and let you know if it works.

feross commented 11 years ago

If this actually works, then this would be the new security matrix:

[image: screen shot 2013-09-10 at 9 05 47 am] https://f.cloud.github.com/assets/121766/1112986/d900a0c4-19ef-11e3-8680-289bb6046b8f.png

dcposch commented 11 years ago

Yes and no. A new user, or a user on a new computer, or simply someone who cleared their browser cache still trusts the server.


feross commented 11 years ago

The UI should indicate what state the app is in. When the user has to trust the server (first time user, new computer, etc.), they should see an indication of this, so they can decide how much they trust the internet connection they're on, etc.

feross commented 11 years ago

It works! See: https://github.com/feross/infinite-app-cache
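
Added example (not part of the thread, and not code from scramble or infinite-app-cache): a sketch of the manifest trick described in the first comment, assuming the manifest is "cached" by serving it with a far-future `Cache-Control` lifetime. The paths, the asset list and the `respond` and `manifestRefetched` helpers are hypothetical.

```javascript
// Added example; not from scramble or infinite-app-cache.
// Assumption: the manifest is "cached" by giving it a far-future HTTP lifetime.
// AppCache has since been removed from current browsers.
const TEN_YEARS = 10 * 365 * 24 * 60 * 60; // seconds
const MANIFEST_PATH = '/app.appcache';     // hypothetical path

// Constructed asset list for illustration.
const ASSETS = {
  '/index.html': ['text/html', '<html manifest="/app.appcache"></html>'],
  '/app.js': ['application/javascript', '/* client code */'],
};

// Every asset is listed explicitly, so the cached app is a fixed set of files.
function buildManifest(assets, version) {
  return ['CACHE MANIFEST', '# v' + version, 'CACHE:']
    .concat(Object.keys(assets).sort()).join('\n') + '\n';
}

// pinned=false: the usual setup, where the browser re-checks the manifest.
// pinned=true: the manifest itself gets a far-future lifetime.
function respond(path, pinned) {
  if (path === MANIFEST_PATH) {
    const cc = pinned ? 'public, max-age=' + TEN_YEARS : 'no-cache';
    return { status: 200, body: buildManifest(ASSETS, 1),
      headers: { 'Content-Type': 'text/cache-manifest', 'Cache-Control': cc } };
  }
  const asset = ASSETS[path];
  if (!asset) return { status: 404, headers: {}, body: '' };
  return { status: 200, headers: { 'Content-Type': asset[0] }, body: asset[1] };
}

// Simplified HTTP freshness check: would an update check hit the server
// when the stored manifest copy is ageSeconds old?
function manifestRefetched(headers, ageSeconds) {
  const cc = headers['Cache-Control'] || '';
  if (/\bno-cache\b|\bno-store\b/.test(cc)) return true;
  const m = /max-age=(\d+)/.exec(cc);
  return !m || ageSeconds >= Number(m[1]);
}

const oneYear = 365 * 24 * 60 * 60;
for (const pinned of [false, true]) {
  const res = respond(MANIFEST_PATH, pinned);
  console.log(pinned ? 'pinned' : 'default',
    'refetched after a year:', manifestRefetched(res.headers, oneYear));
}
```

The pin only helps browsers that already hold the cached copy; a first load, a new computer or a cleared cache still fetches everything from the server, as dcposch notes in the thread.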

dcposch commented 11 years ago

Thanks!
