Tables layout is generally complex and slow, only hiding the text with CSS feels very fast. Once layout is involved even without looping to set innerHTML it becomes a lot slower.
With control over the mirror list you can prevent certain users from getting updates which is a security problem but without being able to sign packages the danger is limited.
I would argue this particular example has more to do with the radix parameter of parseInt being optional and having a complex behavior. More generally, javascript functions accepting any number of parameters, regardless…
Correct, but, even if not explicitly said, the cached entries should be associated to the certificate's fingerprint and immediately discarded once the certificate expires or is changed.
The problem is that servers are allowed to update their resources at any time without waiting for any specific expiration time. So when a user instructs it's browser to refresh the page, usually expecting to get the…
That's an interesting attack vector, in the section 3 of the RFC they recommend to ignore the directive unless it's a secure connection which would mitigate that kind of problems. Another solution would be to use an…
cache-control: private doesn't seem to imply that a resource won't ever change and on page refresh the browsers have to check if the resource has been updated, immutable would avoid the 304's responses cascade.
Tables layout is generally complex and slow, only hiding the text with CSS feels very fast. Once layout is involved even without looping to set innerHTML it becomes a lot slower.
With control over the mirror list you can prevent certain users from getting updates which is a security problem but without being able to sign packages the danger is limited.
I would argue this particular example has more to do with the radix parameter of parseInt being optional and having a complex behavior. More generally, javascript functions accepting any number of parameters, regardless…
Correct, but, even if not explicitly said, the cached entries should be associated to the certificate's fingerprint and immediately discarded once the certificate expires or is changed.
The problem is that servers are allowed to update their resources at any time without waiting for any specific expiration time. So when a user instructs it's browser to refresh the page, usually expecting to get the…
That's an interesting attack vector, in the section 3 of the RFC they recommend to ignore the directive unless it's a secure connection which would mitigate that kind of problems. Another solution would be to use an…
cache-control: private doesn't seem to imply that a resource won't ever change and on page refresh the browsers have to check if the resource has been updated, immutable would avoid the 304's responses cascade.