- From: Deng, Pan <pan.deng@intel.com>
- Date: Mon, 4 Feb 2013 09:11:34 +0000
- To: "public-web-perf@w3.org" <public-web-perf@w3.org>
- Message-ID: <BA467B16E3516645B35B7BB72D744DBA0FDB09BB@SHSMSX102.ccr.corp.intel.com>
In Section 4.3 about 'redirectStart', 'redirectEnd', CR doc[1]says: "if any of the redirects are not from the same origin as the current document, and the Timing-Allow-Origin HTTP response header rules are met, this attribute must return ......" What is the meaning of "Timing-Allow-Origin HTTP response header rules are met"? Consider scenario: doc D req R1 -> R2 -> R3 -> R4. ( "->" : redirect, R4 is the final resource) It may imply: a), Any Ri's response timing-allowing-origin D. (apply to any Ri and doc D) b), R1's response timing-allow-origin D, R2's response timing allow R1... till R4's response timing allow R3. (apply to redirect chain) >From timing-allow-check algorithm in [2], it can be inferred that a) is the right one. However, Processing Model 3.19a of [1] says "If the current resource and the resource that is redirected to are not from the same origin, set redirectStart and redirectEnd to 0". Here redirectStart/End should be reset once there is a cross-origin redirect, without Timing-Allow-Origin consideration at all, is it a typo here? To make the spec more clearly, I suggest a small modification to avoid the inconsistency: Statement in section 4.3 can be modified to "if any of the redirects are not from the same origin as the current document, and the Timing-Allow-Origin HTTP response header rules are met by current document", and Processing Model 3.19a can be modified to "current resource and the document are not from same origin, and Timing-Allow-Origin HTTP response header rule is not met by the document, set redirectStart and redirectEnd to 0". Any idea? Thanks :) Pan [1] http://www.w3.org/TR/2012/CR-resource-timing-20120522/ [2] https://dvcs.w3.org/hg/webperf/raw-file/tip/specs/ResourceTiming/Overview.html#timing-allow-check
Received on Monday, 4 February 2013 09:12:14 UTC