Brother
Professional
- Messages
- 2,590
- Reaction score
- 539
- Points
- 113
Is it acceptable to deceive developers expectations for the sake of dubious speed gains?
Google has announced a significant change in cache behavior for the BFCache feature, which allows you to instantly display previously viewed pages using the Forward and Back buttons in Chrome. Now a web page can be stored in the cache, even if the webmaster has specified not to save this page. That is, directly ignore the specified commands.
As explained on Google's web.dev site, "BFCache is an in-memory cache that stores a complete snapshot of a page (including a bunch of JavaScript) when the user leaves it."
This feature allows the browser to quickly and easily restore the page if the user decides to return to it. However, site administrators can specify how their web pages should be stored in the browser cache using the "Cache-control:" header. One option is "Cache-control: no-store" (abbreviated CCNS), which prevents the website response from being stored in the browser cache.
However, when this command was followed, such pages caused obvious performance problems, forcing the browser to load them again. Therefore, Google suggests saving web pages in BFCache even if the "Cache-control: no-store" header is present on HTTPS pages. According to the company, this will increase the number of instant back/forward navigations, improving the user experience.
Fergal Daley, a Google engineer, states that the main purpose of the "Cache-control: no-store" header is not to prevent recovery of pages with sensitive data, but to avoid recovery of pages with sensitive data that the user should no longer have access to.
In other words, if there are no changes in the cookie, it is assumed that the browser's HTTP requests and, consequently, access decisions remain unchanged. This means that it doesn't make sense to spend time and traffic on reloading the page.
For sites that use technologies like EventSource to display changes on open pages, these updates will trigger deletion from BFCache or immediately deliver events during recovery. For sites without immediate update mechanisms, there is a risk of users accessing outdated data, which may be compounded by the proposed behavior of BFCache.
Google is working to address these issues and will first launch the feature on test channels, where it will collect enough data to understand its impact.
Some developers have expressed concerns that this change may break the promise that the "Cache-control: no-store" header means that the browser will not cache the web page. However, Daley claims that this header only promises not to save the web page in the normal browser cache, and not in BFCache.
"There is no explicit promise that CCNS prevents BFCache caching. The CCNS header, like all Cache-control directives, is designed to control HTTP caching, so an explicit promise only applies to the HTTP cache, " explains Daley.
"BFCache does not include HTTP caching, and developers should not interpret the CCNS header as a promise that the page will not be cached in BFCache."
So by redefining how BFCache interacts with the CCNS directive, Google Chrome developers hope to create a more responsive browsing experience without compromising user security and privacy. Ordinary users can only watch the situation from the side, waiting for what it will lead to.
Google has announced a significant change in cache behavior for the BFCache feature, which allows you to instantly display previously viewed pages using the Forward and Back buttons in Chrome. Now a web page can be stored in the cache, even if the webmaster has specified not to save this page. That is, directly ignore the specified commands.
As explained on Google's web.dev site, "BFCache is an in-memory cache that stores a complete snapshot of a page (including a bunch of JavaScript) when the user leaves it."
This feature allows the browser to quickly and easily restore the page if the user decides to return to it. However, site administrators can specify how their web pages should be stored in the browser cache using the "Cache-control:" header. One option is "Cache-control: no-store" (abbreviated CCNS), which prevents the website response from being stored in the browser cache.
However, when this command was followed, such pages caused obvious performance problems, forcing the browser to load them again. Therefore, Google suggests saving web pages in BFCache even if the "Cache-control: no-store" header is present on HTTPS pages. According to the company, this will increase the number of instant back/forward navigations, improving the user experience.
Fergal Daley, a Google engineer, states that the main purpose of the "Cache-control: no-store" header is not to prevent recovery of pages with sensitive data, but to avoid recovery of pages with sensitive data that the user should no longer have access to.
In other words, if there are no changes in the cookie, it is assumed that the browser's HTTP requests and, consequently, access decisions remain unchanged. This means that it doesn't make sense to spend time and traffic on reloading the page.
For sites that use technologies like EventSource to display changes on open pages, these updates will trigger deletion from BFCache or immediately deliver events during recovery. For sites without immediate update mechanisms, there is a risk of users accessing outdated data, which may be compounded by the proposed behavior of BFCache.
Google is working to address these issues and will first launch the feature on test channels, where it will collect enough data to understand its impact.
Some developers have expressed concerns that this change may break the promise that the "Cache-control: no-store" header means that the browser will not cache the web page. However, Daley claims that this header only promises not to save the web page in the normal browser cache, and not in BFCache.
"There is no explicit promise that CCNS prevents BFCache caching. The CCNS header, like all Cache-control directives, is designed to control HTTP caching, so an explicit promise only applies to the HTTP cache," explains Daley.
"BFCache does not include HTTP caching, and developers should not interpret the CCNS header as a promise that the page will not be cached in BFCache."
So by redefining how BFCache interacts with the CCNS directive, Google Chrome developers hope to create a more responsive browsing experience without compromising user security and privacy. Ordinary users can only watch the situation from the side, waiting for what it will lead to.
Google has announced a significant change in cache behavior for the BFCache feature, which allows you to instantly display previously viewed pages using the Forward and Back buttons in Chrome. Now a web page can be stored in the cache, even if the webmaster has specified not to save this page. That is, directly ignore the specified commands.
As explained on Google's web.dev site, "BFCache is an in-memory cache that stores a complete snapshot of a page (including a bunch of JavaScript) when the user leaves it."
This feature allows the browser to quickly and easily restore the page if the user decides to return to it. However, site administrators can specify how their web pages should be stored in the browser cache using the "Cache-control:" header. One option is "Cache-control: no-store" (abbreviated CCNS), which prevents the website response from being stored in the browser cache.
However, when this command was followed, such pages caused obvious performance problems, forcing the browser to load them again. Therefore, Google suggests saving web pages in BFCache even if the "Cache-control: no-store" header is present on HTTPS pages. According to the company, this will increase the number of instant back/forward navigations, improving the user experience.
Fergal Daley, a Google engineer, states that the main purpose of the "Cache-control: no-store" header is not to prevent recovery of pages with sensitive data, but to avoid recovery of pages with sensitive data that the user should no longer have access to.
In other words, if there are no changes in the cookie, it is assumed that the browser's HTTP requests and, consequently, access decisions remain unchanged. This means that it doesn't make sense to spend time and traffic on reloading the page.
For sites that use technologies like EventSource to display changes on open pages, these updates will trigger deletion from BFCache or immediately deliver events during recovery. For sites without immediate update mechanisms, there is a risk of users accessing outdated data, which may be compounded by the proposed behavior of BFCache.
Google is working to address these issues and will first launch the feature on test channels, where it will collect enough data to understand its impact.
Some developers have expressed concerns that this change may break the promise that the "Cache-control: no-store" header means that the browser will not cache the web page. However, Daley claims that this header only promises not to save the web page in the normal browser cache, and not in BFCache.
"There is no explicit promise that CCNS prevents BFCache caching. The CCNS header, like all Cache-control directives, is designed to control HTTP caching, so an explicit promise only applies to the HTTP cache, " explains Daley.
"BFCache does not include HTTP caching, and developers should not interpret the CCNS header as a promise that the page will not be cached in BFCache."
So by redefining how BFCache interacts with the CCNS directive, Google Chrome developers hope to create a more responsive browsing experience without compromising user security and privacy. Ordinary users can only watch the situation from the side, waiting for what it will lead to.
Google has announced a significant change in cache behavior for the BFCache feature, which allows you to instantly display previously viewed pages using the Forward and Back buttons in Chrome. Now a web page can be stored in the cache, even if the webmaster has specified not to save this page. That is, directly ignore the specified commands.
As explained on Google's web.dev site, "BFCache is an in-memory cache that stores a complete snapshot of a page (including a bunch of JavaScript) when the user leaves it."
This feature allows the browser to quickly and easily restore the page if the user decides to return to it. However, site administrators can specify how their web pages should be stored in the browser cache using the "Cache-control:" header. One option is "Cache-control: no-store" (abbreviated CCNS), which prevents the website response from being stored in the browser cache.
However, when this command was followed, such pages caused obvious performance problems, forcing the browser to load them again. Therefore, Google suggests saving web pages in BFCache even if the "Cache-control: no-store" header is present on HTTPS pages. According to the company, this will increase the number of instant back/forward navigations, improving the user experience.
Fergal Daley, a Google engineer, states that the main purpose of the "Cache-control: no-store" header is not to prevent recovery of pages with sensitive data, but to avoid recovery of pages with sensitive data that the user should no longer have access to.
In other words, if there are no changes in the cookie, it is assumed that the browser's HTTP requests and, consequently, access decisions remain unchanged. This means that it doesn't make sense to spend time and traffic on reloading the page.
For sites that use technologies like EventSource to display changes on open pages, these updates will trigger deletion from BFCache or immediately deliver events during recovery. For sites without immediate update mechanisms, there is a risk of users accessing outdated data, which may be compounded by the proposed behavior of BFCache.
Google is working to address these issues and will first launch the feature on test channels, where it will collect enough data to understand its impact.
Some developers have expressed concerns that this change may break the promise that the "Cache-control: no-store" header means that the browser will not cache the web page. However, Daley claims that this header only promises not to save the web page in the normal browser cache, and not in BFCache.
"There is no explicit promise that CCNS prevents BFCache caching. The CCNS header, like all Cache-control directives, is designed to control HTTP caching, so an explicit promise only applies to the HTTP cache," explains Daley.
"BFCache does not include HTTP caching, and developers should not interpret the CCNS header as a promise that the page will not be cached in BFCache."
So by redefining how BFCache interacts with the CCNS directive, Google Chrome developers hope to create a more responsive browsing experience without compromising user security and privacy. Ordinary users can only watch the situation from the side, waiting for what it will lead to.
