Re: [whatwg/fetch] Add TAO check (#955)

> currently you cannot detect a second redirect to my knowledge

That is correct. Currently you only get timing data for the very first redirect's start and the very last redirect's end.

> None of this seems particularly scary, indeed, but I'd like to be rather clear when we reveal more networking data than previously as sometimes the combination of a number of those sidechannels leads to issues.

Might be worthwhile to add a note to Resource Timing indicating that same-origin redirects may contain sensitive information and we want to be careful when exposing more details about them. We already have requests to expose more information about redirects, but we could probably gate that behind TAO or some other opt-in (even for same origin) once we actually plan to do that.

https://github.com/whatwg/fetch/pull/955#issuecomment-551050272

Received on Thursday, 7 November 2019 11:58:44 UTC