Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

1001+1002: cache vs cache_ssl: remove 1002 as redundant #792

Closed
Thorin-Oakenpants opened this issue Sep 9, 2019 · 2 comments
Closed

1001+1002: cache vs cache_ssl: remove 1002 as redundant #792

Thorin-Oakenpants opened this issue Sep 9, 2019 · 2 comments
Labels
enhancement

Comments

@Thorin-Oakenpants
Copy link
Contributor

Thorin-Oakenpants commented Sep 9, 2019
edited
Loading

I was busy going through replacing/removing http links in the user.js (local) for a PR (along with some other minor things), and I came across 1001+1002, which has bugged me for a while

currently (my local copy)

/* 1001: disable disk cache
 * [SETUP-PERF] If you think disk cache may help (heavy tab user, high-res video),
 * or you use a hardened Temporary Containers, then feel free to override this
 * [NOTE] We also clear cache on exiting Firefox (see 2803) ***/
user_pref("browser.cache.disk.enable", false);
/* 1002: disable disk cache for HTTPS pages ***/
user_pref("browser.cache.disk_cache_ssl", false);

80% of page loads are now HTTPS (mozilla telemetry: page loads might not be the correct term, too lazy to re-look it up). It made me think if 1001 is a master pref: otherwise our setup tag should also be on 1002 as well. So, I did some tests in a vanilla profile using about:cache. 1001 when false caches everything to memory, including HTTP, regardless of the 1002 pref

Suggestion: remove 1002. It would be very edge case these days, or at least very little impact given the top sites are basically all HTTPS now, if someone wants to cache HTTP but not HTTPS (tested and it does work).

@claustromaniac , what are your thoughts
@claustromaniac
Copy link
Contributor

1002 is indeed redundant, and those who prefer to use the disk cache these days will need to set it to true. That pref made a lot more sense back in the days when SSL wasn't as common as it is today. Now it defaults to true even in vanilla Firefox.

Moreover, if someone enables 1001 but not 1002, I'm pretty sure the result will be that insecure content will be cached to disk, while most secure content will still be cached - but only to memory, and servers can detect this uncommon combination passively if they want (which sucks ass).

So yeah. I'd just get rid of it.

@Thorin-Oakenpants
Copy link
Contributor Author

if someone enables 1001 but not 1002, I'm pretty sure the result will be that insecure content will be cached to disk, while most secure content will still be cached

It all works exactly as you'd think. I tested it. What gets me the most is that we have a setup tag on the master, but 80% of traffic is controlled by 1002: so removing it removes mess that as well

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Thorin-Oakenpants @claustromaniac