> Per-site caching negates the principal selling point of centrally-hosted JS and resources
It doesn't or more correctly the benefit wasn't really a think in most cases.
I will not start the discussion her again but on previous hacker news articles about this topic you will find very extensive discussions about how in practice the caches often didn't work out well for all kinds of reasons and how you still have a per-domain cache so it anyway mainly matters the first time you visit a domain but not later times and how the JS ecosystem is super fragmented even if it's about the same library etc. etc.
> cause it reduces the value that unscrupulous free CDN providers can derive from their "properties".
Not really, the value of a CDN is to serve content to the user from a "close by" node in a reliable way allowing you to focus on the non static parts of your site (wrt. to traffic balancing and similar).
Shared caches technically never did matter that much wrt. CDN's (but people used it IMHO wrongly as selling point).
> Plus, FF can preserve the value by allowing cross domain resource caching as long as the request specifies a hash.
This does not work as you still can have the same timing attacks the hash only helps wrt. source integrity from CDN's but not with chach based time attacks.
Still what should be possible without timing attack channels is to de-duplicate the storage of resources (through not easy and likely not worth it for most use-cases). So you will only lose the most times small speed post on the load time when you open a domain the first time.
It doesn't or more correctly the benefit wasn't really a think in most cases.
I will not start the discussion her again but on previous hacker news articles about this topic you will find very extensive discussions about how in practice the caches often didn't work out well for all kinds of reasons and how you still have a per-domain cache so it anyway mainly matters the first time you visit a domain but not later times and how the JS ecosystem is super fragmented even if it's about the same library etc. etc.
> cause it reduces the value that unscrupulous free CDN providers can derive from their "properties".
Not really, the value of a CDN is to serve content to the user from a "close by" node in a reliable way allowing you to focus on the non static parts of your site (wrt. to traffic balancing and similar).
Shared caches technically never did matter that much wrt. CDN's (but people used it IMHO wrongly as selling point).