2
votes

i am wondering whats the use of the network section of the HTML5 Cache Manifest?

from offline resource in firefox

The online whitelist may contain zero or more URIs of resources that the web application will need to access off the server rather than the offline cache. This lets the browser's security model protect the user from potential security breaches by limiting access only to approved resources

i wonder why is this required. won't files not listed in the explicit section of the cache manifest not be cached anyway?

1

1 Answers

1
votes

I understand (from reading Dive Into HTML5) that when an application with a manifest attempts to request files from a different domain, it may only do so if they are listed in the NETWORK section. Anything not listed in the network section will appear to be unreachable, even when online. This may be what that quote means by "protect(ing) the user from potential security breaches by limiting access only to approved resources" -- you may make a web application offline to seal it off from the rest of the web and prevent cross-site scripting.

It seems like some weird rules. And it doesn't look like there's much difference between a local file listed in NETWORK and a file not listed at all. (As you say, I don't get why you need to list something in NETWORK to ensure it is requested each time; surely anything not explicitly cached will be requested every time.)

Also I have noticed on Chrome (but not Firefox) that files explicitly listed in NETWORK do not fall back to the offline FALLBACK URLs when offline; they just result in an error. That could just be a quirk of Chrome though.