Justin Azoff

Hi! Random things are here :-)

Shared HTTP Caching

I’ve been wondering why the web doesn’t have a mechanism for uniquely identifying a resource by a means other than its URL. I think if such a thing existed, then HTTP caches for common files could be shared between sites.

There has been a push lately to let Google host common JS libraries for you. The main reason for this is increased performance; there are two cases where this helps:

  • The user has never loaded jQuery before - They get to download it from fast servers
  • The user has visited another site that also hosted jQuery on Google - They don’t have to download it at all.

However, there are issues with this:

  • This will not work on a restricted intranet
  • If the copy of jQuery on Google was somehow compromised, a large number of sites would be affected.
  • If Google is unreachable (it happens!), the site will fail to function properly

There should be a way to include a checksum like so:

<script type="text/javascript"
    src="/js/jquery-1.3.2.min.js"
    sha1="3dc9f7c2642efff4482e68c9d9df874bf98f5bcb">
</script>

(SHA-1 is used here only as an example; a more secure method could easily be used instead.)

This would have two benefits:

  • If the copy of jQuery was maliciously modified, or simply corrupted, the browser would refuse to load it.
  • The browser may be able to use a cached copy of jQuery from another site with the same checksum.
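
The two benefits above, expressed as the cache logic a browser could apply. This is an added example, not code from the original post; `SharedCache`, `fetchFn`, the `.example` URLs and the choice of SHA-256 are assumptions made for illustration.

```javascript
// Added example: a script cache keyed by content digest instead of URL.
const { createHash } = require('node:crypto');

// SHA-256 is an assumption here; the page's sha1 attribute is only illustrative.
function digest(body) {
  return createHash('sha256').update(body).digest('hex');
}

class SharedCache {
  constructor() { this.byDigest = new Map(); }

  // fetchFn(url) is a hypothetical stand-in for the network and returns a Buffer.
  load(url, expected, fetchFn) {
    const key = expected.toLowerCase();
    const hit = this.byDigest.get(key);
    if (hit) return { body: hit, source: 'cache' }; // same bytes, whichever site stored them
    const body = fetchFn(url);
    // Verify before use AND before caching, so a modified or corrupted copy
    // can never be stored under the declared checksum.
    if (digest(body) !== key) throw new Error(`checksum mismatch for ${url}`);
    this.byDigest.set(key, body);
    return { body, source: 'network' };
  }
}

// Constructed sample data: two sites declare the same checksum, one serves altered bytes.
function demo() {
  const lib = Buffer.from('/* constructed stand-in for jquery.min.js */ var $ = 1;');
  const sum = digest(lib);
  const siteA = 'https://site-a.example/js/jquery.min.js';
  const siteB = 'https://site-b.example/js/jquery.min.js';
  const origins = { [siteA]: lib, [siteB]: Buffer.from('/* altered copy */ var $ = 2;') };
  let fetches = 0;
  const fetchFn = (url) => { fetches += 1; return origins[url]; };

  const cache = new SharedCache();
  const first = cache.load(siteA, sum, fetchFn).source;  // downloaded and verified
  const second = cache.load(siteB, sum, fetchFn).source; // reused, site B never contacted
  const sharedFetches = fetches;

  let refused = false; // with an empty cache, site B's altered copy is fetched and rejected
  try { new SharedCache().load(siteB, sum, fetchFn); } catch (e) { refused = true; }
  return { first, second, sharedFetches, refused };
}

console.log(demo());
```

Because a cache hit is trusted purely on the digest, the hash must be collision-resistant, which is why the SHA-1 in the markup above should be read as a placeholder.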

This sort of fits in with one of the ideas in the “A New Way to Look at Networking” talk by Van Jacobson.