RE: detecting connection speed

Nic,

Thanks for digging this up. This is a very common blocker to features. What group is trying to come up with a better security model to address cross origin data sharing?

Thanks,

Aaron


From: Nic Jansma [mailto:nic@nicj.net]
Sent: Wednesday, December 11, 2013 7:37 PM
To: Reitbauer, Alois; Yoav Weiss; James Graham
Cc: public-web-perf
Subject: Re: detecting connection speed

One of the reasons ResourceTiming v1 didn't expose bytes transferred was due to cross-origin security concerns, eg. detecting if a user had already downloaded a known image from a separate site mybank.com.  I would assume that is still a security concern, and it may limit the usefulness for some of the use-cases presented if they involve other origins.

I hadn't seen cross-origin limitations brought up, so I wanted to make sure everyone that was discussing this was aware of the issue.

Here's a thread from last year that discussed byte-size a bit:
http://lists.w3.org/Archives/Public/public-web-perf/2013Jan/0000.html


- Nic

http://nicj.net/

@NicJ

Received on Thursday, 12 December 2013 16:48:46 UTC