amppackager icon indicating copy to clipboard operation
amppackager copied to clipboard

Published 20 hours ago verified publisher icon ampproject

Option for a cache-busting cert-url

Open twifkak opened this issue 6 years ago • 2 comments
trafficstars

Consider an option to include ?YYYYMMDD in the cert-url so that it busts any caches that don't respect the cache-control header.

twifkak avatar Apr 18 '19 04:04 twifkak

Maybe better yet, base it on the OCSP response (checksum? timestamp?).

twifkak avatar Apr 18 '19 04:04 twifkak

I'm not sure what problem this was originally trying to solve, to know if it's worth doing the hacky thing above.

The less hacky thing could be useful in the long-term (e.g. for WICG/webpackage#121):

  • [ ] Add a new option in amppkg.toml, UniqueCertURLs (default false) that, if enabled, causes signer.go to output SXGs with cert-url that include id=blah, where blah is the base64 encoding of the sha256 of the entire CBOR.
  • [ ] Add some code in certcache.go:ServeHTTP to refuse to serve if id is present and incorrect.

(base64(sha256(cbor)) is a strawman digest; others would be fine.)

twifkak avatar Jul 30 '19 21:07 twifkak