W3C home > Mailing lists > Public > public-web-perf@w3.org > February 2012

Re: Cross Origin and Resource Timing

From: James Simonsen <simonjam@chromium.org>
Date: Fri, 17 Feb 2012 09:58:53 -0800
Message-ID: <CAPVJQikxB01Xsv6PLYAkQa0JbtixhBsWu+Mihp1UndTO1NxaYw@mail.gmail.com>
To: "public-web-perf@w3.org" <public-web-perf@w3.org>
On Fri, Feb 17, 2012 at 8:21 AM, Andy Davies <dajdavies@gmail.com> wrote:

> I'm only following this from afar but...
>
> >From my perspective as someone who helps optimise page load times I'd
> prefer a detailed breakdown of the timing for the third party
> resources to be available via resource timing.
>
> My reading of the current version of the spec indicates that this
> information won't be available unless the origin allows it.
>
> As we divide sites up over multiple hostnames, include more third
> party resources etc., then  the Timing-Allow-Origin is going to grow
> or just get set to *
>

As with CORS, most servers will just respond with the Origin that was sent
with the request, assuming it's allowed. There's no need to return all of
them on every request.


> Having read 4.5 Cross-origin Resources a few times there something I'm
> not clear on:
>
> If I want to include a script from google.com and expose it's timings
> I need a HTTP header of Timing-Allow-Origin : google.com
>
> Does this also then also expose the resource timings for the page to
> any scripts loaded from google.com or will CORS prevent this?
>

It's the other way around. Google must allow you to see how long it takes
to load their script by specifying your hostname in their
Timing-Allow-Origin header.

James
Received on Friday, 17 February 2012 17:59:23 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 17 February 2012 17:59:24 GMT