W3C home > Mailing lists > Public > public-web-perf@w3.org > December 2013

RE: detecting connection speed

From: Aaron Heady (BING AVAILABILITY) <aheady@microsoft.com>
Date: Thu, 12 Dec 2013 16:48:14 +0000
To: Nic Jansma <nic@nicj.net>, "Reitbauer, Alois" <Alois.Reitbauer@compuware.com>, Yoav Weiss <yoav@yoav.ws>, James Graham <james@hoppipolla.co.uk>
CC: public-web-perf <public-web-perf@w3.org>
Message-ID: <8cd792bba7084395ad5549910655412f@BL2PR03MB322.namprd03.prod.outlook.com>

Thanks for digging this up. This is a very common blocker to features. What group is trying to come up with a better security model to address cross origin data sharing?



From: Nic Jansma [mailto:nic@nicj.net]
Sent: Wednesday, December 11, 2013 7:37 PM
To: Reitbauer, Alois; Yoav Weiss; James Graham
Cc: public-web-perf
Subject: Re: detecting connection speed

One of the reasons ResourceTiming v1 didn't expose bytes transferred was due to cross-origin security concerns, eg. detecting if a user had already downloaded a known image from a separate site mybank.com.  I would assume that is still a security concern, and it may limit the usefulness for some of the use-cases presented if they involve other origins.

I hadn't seen cross-origin limitations brought up, so I wanted to make sure everyone that was discussing this was aware of the issue.

Here's a thread from last year that discussed byte-size a bit:

- Nic


Received on Thursday, 12 December 2013 16:48:46 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:04:37 UTC