- From: James Simonsen <simonjam@chromium.org>
- Date: Fri, 17 Feb 2012 09:58:53 -0800
- To: "public-web-perf@w3.org" <public-web-perf@w3.org>
- Message-ID: <CAPVJQikxB01Xsv6PLYAkQa0JbtixhBsWu+Mihp1UndTO1NxaYw@mail.gmail.com>
On Fri, Feb 17, 2012 at 8:21 AM, Andy Davies <dajdavies@gmail.com> wrote: > I'm only following this from afar but... > > >From my perspective as someone who helps optimise page load times I'd > prefer a detailed breakdown of the timing for the third party > resources to be available via resource timing. > > My reading of the current version of the spec indicates that this > information won't be available unless the origin allows it. > > As we divide sites up over multiple hostnames, include more third > party resources etc., then the Timing-Allow-Origin is going to grow > or just get set to * > As with CORS, most servers will just respond with the Origin that was sent with the request, assuming it's allowed. There's no need to return all of them on every request. > Having read 4.5 Cross-origin Resources a few times there something I'm > not clear on: > > If I want to include a script from google.com and expose it's timings > I need a HTTP header of Timing-Allow-Origin : google.com > > Does this also then also expose the resource timings for the page to > any scripts loaded from google.com or will CORS prevent this? > It's the other way around. Google must allow you to see how long it takes to load their script by specifying your hostname in their Timing-Allow-Origin header. James
Received on Friday, 17 February 2012 17:59:23 UTC