W3C home > Mailing lists > Public > public-web-perf@w3.org > September 2011

Re: Cross-Origin Resources and Resource Timing

From: Alois Reitbauer <alois.reitbauer@dynatrace.com>
Date: Wed, 7 Sep 2011 09:18:18 +0000
To: "public-web-perf@w3.org" <public-web-perf@w3.org>
Message-ID: <A8638EB8DF9DE24D8C1E12D326D97AC34A7994@ATEX01.dynatrace.local>
Getting the overall time is already helpful while it makes diagnosing problems really hard missing the details. I have to say I am no security expert, so I am not the right person to judge the security implications.  It might be a good idea to state the security concerns in a non-normative section. As Pat pointed out third party providers will have to be convinced to support the new header. Having a strong reference like a W3C standard would be helpful here.

I was actually more concerned that a third-party script can access timing information of the page that loaded it. I would not want third party JavaScript like an ad-provider see what I load on my page.

// Alois
Received on Wednesday, 7 September 2011 09:19:21 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:04:31 UTC