We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Avatar for Username

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

이 쓰레드는 보존되었습니다. 만약 도움이 필요하시면 새로운 질문을 올려주세요.

Use data-sha1 attribute to compare scripts, css, etc. avoiding the need for CDNs that track

  • 2 답장
  • 1 이 문제를 만남
  • 3 보기
  • 최종 답변자: AliceWonder

AliceWonder
AliceWonder
more options

Hi, I would like to see an attribute added to FireFox (and every browser) to decrease tracking.

When webmasters use a public CDN (e.g. scripts.google.com or wherever) for things like jQuery etc., they are potentially opening up their users to tracking by those CDNs.

If we had a data-sha1 attribute that could contain the sha1sum of the script we are referencing, it could improve security and privacy in two ways:

A) Prevent cases where the CDN has been compromised altering the resource being referenced, because then the checksum won't match.

B) If the browser already has a script cached with a matching checksum, then it doesn't need to fetch it from any CDN or server etc. or even ask if the version it has is current. If the checksum of a resource in cache matches, then it is the same file regardless of where it came from and the browser does not need to send any headers to anyone.

Okay, the possibility of collisions exist even though the odds are astronomically low, so maybe verify the filename matches too.

Hi, I would like to see an attribute added to FireFox (and every browser) to decrease tracking. When webmasters use a public CDN (e.g. scripts.google.com or wherever) for things like jQuery etc., they are potentially opening up their users to tracking by those CDNs. If we had a data-sha1 attribute that could contain the sha1sum of the script we are referencing, it could improve security and privacy in two ways: A) Prevent cases where the CDN has been compromised altering the resource being referenced, because then the checksum won't match. B) If the browser already has a script cached with a matching checksum, then it doesn't need to fetch it from any CDN or server etc. or even ask if the version it has is current. If the checksum of a resource in cache matches, then it is the same file regardless of where it came from and the browser does not need to send any headers to anyone. Okay, the possibility of collisions exist even though the odds are astronomically low, so maybe verify the filename matches too.

모든 댓글 (2)

the-edmeister
the-edmeister
  • Moderator
more options

Suggestions to improve Firefox can be submitted here: https://input.mozilla.org/en-US/feedback

Or a Bug report can be filed. https://bugzilla.mozilla.org/

https://developer.mozilla.org/en/Bug_writing_guidelines

AliceWonder
AliceWonder 질문자
more options

Their feedback seems to be about existing features as the interface wants to know what made me happy or sad, and this is a request - not feedback on what made me happy or sad.

It's also not a bug.