You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@pagespeed.apache.org by GitBox <gi...@apache.org> on 2018/01/15 18:20:25 UTC

[GitHub] morlovich commented on issue #1697: Add CspPolicy::ToIdentityString(). Use it in JS Combiner cache key suffix

morlovich commented on issue #1697: Add CspPolicy::ToIdentityString(). Use it in JS Combiner cache key suffix
URL: https://github.com/apache/incubator-pagespeed-mod/pull/1697#issuecomment-357756457
 
 
   So, high-level question:  
   If this hash function always produces different outputs for distinct policies, there is no need for a render-time check; however verifying that it may be tricky, as I would have to reason about what happens when something has one of those characters you used in joins inside, the differences behind empty vs. missing rules, and all that. 
   
   If there is a check, then we can skp over that analysis -except- you may get some non-rewriting flakiness 
   if it's not quite 1-to-1. Probably still preferable given this is a security property..
   
   (We would probably want to use it for other filters to, though; it may also make sense to summarize only pairs like style-src + default-src, since other things are irrelevant).

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services