Re: Cross Origin and Resource Timing

On Fri, Feb 17, 2012 at 8:21 AM, Andy Davies <> wrote:

> I'm only following this from afar but...
> >From my perspective as someone who helps optimise page load times I'd
> prefer a detailed breakdown of the timing for the third party
> resources to be available via resource timing.
> My reading of the current version of the spec indicates that this
> information won't be available unless the origin allows it.
> As we divide sites up over multiple hostnames, include more third
> party resources etc., then  the Timing-Allow-Origin is going to grow
> or just get set to *

As with CORS, most servers will just respond with the Origin that was sent
with the request, assuming it's allowed. There's no need to return all of
them on every request.

> Having read 4.5 Cross-origin Resources a few times there something I'm
> not clear on:
> If I want to include a script from and expose it's timings
> I need a HTTP header of Timing-Allow-Origin :
> Does this also then also expose the resource timings for the page to
> any scripts loaded from or will CORS prevent this?

It's the other way around. Google must allow you to see how long it takes
to load their script by specifying your hostname in their
Timing-Allow-Origin header.


Received on Friday, 17 February 2012 17:59:23 UTC