User Agent may want to restrict cross-origin transferSize/encodedBodySize/decodedBodySize visibility even with TAO #342
Comments
|
This was discussed at TPAC, and there was agreement we can allow such UA liberties in the spec. @achristensen07 - Are you interested in submitting a PR to that effect? |
|
I can make a PR |
achristensen07
added a commit
to achristensen07/resource-timing
that referenced
this issue
Jan 26, 2023
even with the presence of TAO header fields. This resolves w3c#342
achristensen07
added a commit
to achristensen07/resource-timing
that referenced
this issue
Jan 26, 2023
even with the presence of TAO header fields. This resolves w3c#342
yoavweiss
pushed a commit
that referenced
this issue
Mar 3, 2023
even with the presence of TAO header fields. This resolves #342
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Doing so would prevent a side-channel to gather data even from origins that send TAO headers. Similar to w3c/server-timing#89 which proposes a similar restriction for Server Timing.
The text was updated successfully, but these errors were encountered: