[Resource Timing] Cross Domain Resource Timing

One of the remaining open items in the Resource Timing spec is how to enable cross-domain access to resource timing information.

The current proposal of allowedDomain attribute is incomplete. This solution only works for resources that act as HTML containers (DIV, IFRAME, etc). There is no way for other resources, such as IMG, AUDIO, VIDEO, etc, to consume the allowedDomain attribute - these resources do not have the ability to set this meta tag.

Getting inspiration from the CORS spec, http://www.w3.org/TR/cors/, I recommend we consider a HTTP response solution similar to the Access-Control-Allow-Origin response header.

This solution would allow a server to return a particular HTTP response that would allow the user agent to display cross-domain resource timing information to all or a subset of domains. This solution would be complete, as it wouldn't preclude any resource type, and would have a consistent usage pattern that web developers are used to.

An example of the spec text could be as so:
Timing-Allow-Origin Response Header
The Timing-Allow-Origin header indicates whether a resource can be shared based by returning the value of the Origin<http://www.w3.org/TR/cors/#http-origin> request header in the response. ABNF:
Timing-Allow-Origin = "Timing-Allow-Origin" ":" origin-list-or-null | "*"
origin-list-or-null is defined by The Origin HTTP Header specification [ORIGIN]<http://www.w3.org/TR/cors/#ref-origin>.
We may need to include additional preamble on the HTTP response. Let's discuss this issue on the call tomorrow.

Thanks,
Jatinder

Received on Wednesday, 23 March 2011 02:03:05 UTC