Ship/Cache popular JS Frameworks, fonts and CSS & load them locally like DecentralEyes




2 years ago
a year ago


(Reporter: karana, Unassigned)


55 Branch

Firefox Tracking Flags

(Not tracked)




2 years ago
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
Build ID: 20170604030205

Steps to reproduce:

Browse the net across many popular sites

Actual results:

I observed that a lot of websites include external JS,CSS or Fonts that come from the same source.
In rare cases they are hosted on the website itself, mostly they come from external pages like google API or or some other CDN.

Expected results:

These files shouldn't have been requested from the net in the first place.
Having the files stored locally makes the site load faster, decreases overall load on the connection and decreases the possibilites of tracking you on the net.
Severity: normal → enhancement
Component: Untriaged → Networking: Cache
Product: Firefox → Core
I believe this idea has come up before. Patrick, you probably know better how this fits into our plans.
Flags: needinfo?(mcmanus)
Component: Networking: Cache → General
Flags: needinfo?(mcmanus)
Product: Core → Firefox

Comment 2

a year ago
Hello I have a Proposed solution:

In order to securely serve js between sites.

A sha-256 sum of the files should be stored in a js-dict

    where the key is the resulting sum and the value is the js library.

In order to serve the same resource across pages an intermediate url-dict should be created
that maps a url to a sum.

    where the key is the url and the value is the sha-256 sum

A page can than request the js library normally and firefox can look up the url in the url-dict
if a val is returned it is used to retrieve the js library fro the js-dict
if no js library is returned than a fetch from the server will be attempted and than sh-256'd
    and added to the dicts

Also in the script tag could include a direct reference to the sha-256 key that the browser should
look up in the js-dict
    If no resource is returned than it should be fetched and added to the dicts when retrieved.

Comment 4

a year ago
Cool w3c already has what i am imagining, except from the look of it .. they require the tag to have the sha if the cache is to be used. I would also add that the url should be used in an intermediate dict, to automatically fetch resources from the cache if the user so desired.

Also the script tag could have a flag that invalidates the cache for the page and forces a fetch for the resource. just in case the programmer expects a side effect from fetching. This should only affect the single page as to not effect other pages.

the invalidation flag takes precedence over the sha-256 flag.
You need to log in before you can comment on or make changes to this bug.