Closed Bug 833834 Opened 11 years ago Closed 8 years ago

Refetch app caches with https:// manifests to get security info

Categories

(Core :: Networking: Cache, defect)

Product:
Core
Component:
Networking: Cache
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: mayhemer, Unassigned)

Details

To give a complete and good UX after fix of bug 794507 we have to refetch app caches to get the correct sec-info to the cache ASAP.

Solution:
- when we have a cached manifest loaded via a secured protocol (https) that doesn't have sec-info in the cache, prevent offline cache update to use the current appcache version as cache to validate against (simulate first fetch)

However, UX will still be bad since the update won't happen sooner then after the page load.  It means to get valid lock icon user needs to:
- load the page
- wait for the cache update to finish (may take a while, since we do a complete refetch)
- reload the page

Do it a different way may be too complicated.  Like, before we load the main page, check the manifest for the "secured w/o sec-info" condition and prevent load from app cache for the page.  But when user it actually offline or the app source is temporarily unreachable, it may lead to a very bad UX "where the hell has my offline app gone??"
(In reply to Honza Bambas (:mayhemer) from comment #9)
> (In reply to Brian Smith (:bsmith) from comment #7)
> > (In reply to Honza Bambas (:mayhemer) from comment #6)
> > How about we change the code for conditional requests so that we never add
> > the conditional request headers if we're doing an offline cache update and
> > the existing entry doesn't have a security-info entry?
> 
> That seems effectively identical to my proposal.  I want to let the cache
> reload on access.  Deleting or artificial invalidating is the same actually.
> However, for the manifest we also have to remove the "hash" metadata to
> prevent seeing the manifest identical even when revalidated.

OK. I don't understand this well enough to have an opinion. The important thing is that we consider all cached content as invalid if it was cached before the fix for bug 794507.

(In reply to Honza Bambas (:mayhemer) from comment #0)
> However, UX will still be bad since the update won't happen sooner then
> after the page load.  It means to get valid lock icon user needs to:
> - load the page
> - wait for the cache update to finish (may take a while, since we do a
> complete refetch)
> - reload the page
> 
> Do it a different way may be too complicated.  Like, before we load the main
> page, check the manifest for the "secured w/o sec-info" condition and
> prevent load from app cache for the page.  But when user it actually offline
> or the app source is temporarily unreachable, it may lead to a very bad UX
> "where the hell has my offline app gone??"

I think this is the best we can do. I agree that we don't want the offline app to stop working due to this error.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.