Re: [whatwg/fetch] Add TAO check (#955)

yutakahirano commented on this pull request.



> @@ -1800,6 +1805,15 @@ initially unset.
 being provided to an API that didn't make a range request. See the flag's usage for a detailed
 description of the attack.
 
+<p>A <a for=/>response</a> has an associated
+<dfn for=response id=concept-response-timing-allow-failed-flag>timing allow check flag</dfn>, which
+is initially unset.
+
+<p class=note>This is used so that the caller to a fetch can determine if sensitive timing data is

IIUC this is not exposed to JS - it's a concept field.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/955#discussion_r343433698

Received on Thursday, 7 November 2019 02:21:02 UTC