Re: [ResourceTiming] "timing allow check" steps depend on underdefined behavior from Arvind Jain on 2014-05-23 (public-web-perf@w3.org from May 2014)

From: Arvind Jain <arvind@google.com>
Date: Thu, 22 May 2014 20:25:45 -0700
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: Jatinder Mann <jmann@microsoft.com>, "public-web-perf@w3.org" <public-web-perf@w3.org>
Message-ID: <CAOYaDdPCXwr-DR4_XzBnzQWLFoxep_o6Rx4=m_ha5j5RyKnEXw@mail.gmail.com>

https://w3c.github.io/web-performance/specs/ResourceTiming/Overview.html

The current document is the as described in step 1 of the processing model.

The timing allow check algorithm takes the current document as a parameter:
"The timing allow check algorithm, which checks whether a cross-origin
resource's timing information can be shared with the current document, is
as follows:
....
"
I may have missed your question again.

On Thu, May 22, 2014 at 9:42 AM, Boris Zbarsky <bzbarsky@mit.edu> wrote:

> On 5/22/14, 12:15 PM, Jatinder Mann wrote:
>
>> Good point, not all cross-origin fetches will have an Origin header. What
>> if we simplified step 3 of the algorithm as so:
>>
>> 3.     If the value of Timing-Allow-Origin is not a match for the value
>> of the origin of the current document
>>
>
> What does "current document" mean?
>
> -Boris
>
>
>

Received on Friday, 23 May 2014 03:26:15 UTC