W3C home > Mailing lists > Public > public-web-perf@w3.org > March 2011

[Resource Timing] Cross Domain Resource Timing

From: Jatinder Mann <jmann@microsoft.com>
Date: Wed, 23 Mar 2011 02:02:27 +0000
To: "public-web-perf@w3.org" <public-web-perf@w3.org>
Message-ID: <EE4C13A1D11CFA49A58343DE361B0B0405473D@TK5EX14MBXC253.redmond.corp.microsoft.com>
One of the remaining open items in the Resource Timing spec is how to enable cross-domain access to resource timing information.

The current proposal of allowedDomain attribute is incomplete. This solution only works for resources that act as HTML containers (DIV, IFRAME, etc). There is no way for other resources, such as IMG, AUDIO, VIDEO, etc, to consume the allowedDomain attribute - these resources do not have the ability to set this meta tag.

Getting inspiration from the CORS spec, http://www.w3.org/TR/cors/, I recommend we consider a HTTP response solution similar to the Access-Control-Allow-Origin response header.

This solution would allow a server to return a particular HTTP response that would allow the user agent to display cross-domain resource timing information to all or a subset of domains. This solution would be complete, as it wouldn't preclude any resource type, and would have a consistent usage pattern that web developers are used to.

An example of the spec text could be as so:
Timing-Allow-Origin Response Header
The Timing-Allow-Origin header indicates whether a resource can be shared based by returning the value of the Origin<http://www.w3.org/TR/cors/#http-origin> request header in the response. ABNF:
Timing-Allow-Origin = "Timing-Allow-Origin" ":" origin-list-or-null | "*"
origin-list-or-null is defined by The Origin HTTP Header specification [ORIGIN]<http://www.w3.org/TR/cors/#ref-origin>.
We may need to include additional preamble on the HTTP response. Let's discuss this issue on the call tomorrow.

Received on Wednesday, 23 March 2011 02:03:05 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:04:30 UTC