Hacker News new | past | comments | ask | show | jobs | submit login

Nice catch, never thought about it. Is it more problematic with preffixes (vs. suffixes etc.) or should we generally avoid any random string? Appending a hash to the script is very convenient to force the download of the new version of an asset (but maybe we have better solutions now, haven't considered this issue in a while).



In your site's code, reference the asset in a path that includes the timestamp the asset file last changed.

e.g.

/js/1476929634/myscript.js instead of /js/myscript.js

Then use your webserver to rewrite /js/<any number>/myscript.js to /js/myscript.js


You can also do /js/myscript.js?v=1476929634 -- this generally works without any server-side changes. A CRC32 might work better, since controlling mtimes can be annoying.


You can, but that can cause issues with browser caching (http://www.stevesouders.com/blog/2008/08/23/revving-filename...) and in any case I prefer the cleaner urls :-)

Plus, once it's configured you never have to worry about it again.


Or just use a decimal hash, rather than hex? Eg in python3:

  import hashlib as h
  int(h.sha256(b" ").hexdigest(), 16)
> 24725091799402603688614593151141908335745916334489781770578761787218146381928

  h.sha256(b" ").hexdigest()
> 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

It's longer, but even a 256-hash isn't that long? (and sha1 would probably be fine, obviously)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: