RE: detecting connection speed from Aaron Heady (BING AVAILABILITY) on 2013-12-12 (public-web-perf@w3.org from December 2013)

From: Aaron Heady (BING AVAILABILITY) <aheady@microsoft.com>
Date: Thu, 12 Dec 2013 16:48:14 +0000
To: Nic Jansma <nic@nicj.net>, "Reitbauer, Alois" <Alois.Reitbauer@compuware.com>, Yoav Weiss <yoav@yoav.ws>, James Graham <james@hoppipolla.co.uk>
CC: public-web-perf <public-web-perf@w3.org>
Message-ID: <8cd792bba7084395ad5549910655412f@BL2PR03MB322.namprd03.prod.outlook.com>

Nic,

Thanks for digging this up. This is a very common blocker to features. What group is trying to come up with a better security model to address cross origin data sharing?

Thanks,

Aaron


From: Nic Jansma [mailto:nic@nicj.net]
Sent: Wednesday, December 11, 2013 7:37 PM
To: Reitbauer, Alois; Yoav Weiss; James Graham
Cc: public-web-perf
Subject: Re: detecting connection speed

One of the reasons ResourceTiming v1 didn't expose bytes transferred was due to cross-origin security concerns, eg. detecting if a user had already downloaded a known image from a separate site mybank.com.  I would assume that is still a security concern, and it may limit the usefulness for some of the use-cases presented if they involve other origins.

I hadn't seen cross-origin limitations brought up, so I wanted to make sure everyone that was discussing this was aware of the issue.

Here's a thread from last year that discussed byte-size a bit:
http://lists.w3.org/Archives/Public/public-web-perf/2013Jan/0000.html


- Nic

http://nicj.net/

@NicJ

Received on Thursday, 12 December 2013 16:48:46 UTC