When playing with HTML5 cache manifests, I eventually learned that listing / under the NETWORK segment effectively rejects all off-domain connections, like CDN links for example.
CACHE MANIFEST
NETWORK:
/
Similarly, using the * wildcard allows all resources:
CACHE MANIFEST
NETWORK:
*
An empty NETWORK segment rejects all connections anywhere:
CACHE MANIFEST
NETWORK:
Such network policy rules would be neat. Especially the / domain-lock looks to be a sweet little roadblock for XSS attacks. Do the browser implementations differ in this aspect or is it by the book and safe to use this as a basic level network filter, another layer of a web app's "firewall"?
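
A small model of the three manifests in the question, added here as an illustration; it is not code from the post or from any browser. It assumes NETWORK entries are resolved against the manifest URL and matched as URL prefixes, with `*` allowing everything; the function names and the `example.test` hosts are hypothetical.

```javascript
// Added example: models the NETWORK-section behaviour described in the question
// for resources that are NOT in the cache. Assumption: entries are resolved
// against the manifest URL and compared as URL prefixes; "*" opens everything.

function parseNetworkSection(manifestText) {
  const lines = manifestText.split(/\r?\n/).map((l) => l.trim());
  if (lines[0] !== 'CACHE MANIFEST') {
    throw new Error('missing CACHE MANIFEST header');
  }
  let section = 'CACHE'; // entries before any header belong to CACHE
  let wildcard = false;
  const entries = [];
  for (const line of lines.slice(1)) {
    if (line === '' || line.startsWith('#')) continue; // blank or comment
    if (/^[A-Z]+:$/.test(line)) { // CACHE:, NETWORK:, FALLBACK:, ...
      section = line.slice(0, -1);
      continue;
    }
    if (section !== 'NETWORK') continue;
    if (line === '*') wildcard = true;
    else entries.push(line);
  }
  return { wildcard, entries };
}

function isFetchAllowed(manifestText, manifestUrl, resourceUrl) {
  const { wildcard, entries } = parseNetworkSection(manifestText);
  if (wildcard) return true;
  const target = new URL(resourceUrl, manifestUrl).href;
  // "/" resolves to the manifest's own origin root, so only same-origin
  // URLs share that prefix; an empty section matches nothing.
  return entries.some((e) => target.startsWith(new URL(e, manifestUrl).href));
}

// Constructed sample input: the three manifests from the question.
const MANIFEST_URL = 'https://app.example.test/site.appcache';
const DOMAIN_LOCK = 'CACHE MANIFEST\nNETWORK:\n/';
const ALLOW_ALL = 'CACHE MANIFEST\nNETWORK:\n*';
const DENY_ALL = 'CACHE MANIFEST\nNETWORK:\n';

for (const [name, m] of [['/', DOMAIN_LOCK], ['*', ALLOW_ALL], ['empty', DENY_ALL]]) {
  const own = isFetchAllowed(m, MANIFEST_URL, '/api/data');
  const cdn = isFetchAllowed(m, MANIFEST_URL, 'https://cdn.example.test/lib.js');
  console.log(`NETWORK ${name}: same-origin=${own} cross-origin=${cdn}`);
}
```
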