On Fri, Feb 13, 2015 at 2:50 PM, Yoav Weiss <yoav@yoav.ws> wrote:
> If I understand correctly, each host is declaring its own report URL,
> which means no failure data leaks between hosts? If that's the case, I
> think we're good in terms of the security concerns raised in the call.
Yep, that's right, that's the behavior as currently specced.
However, I do think we should (separately) investigate if/how it would be
possible to open up cross-origin reporting to help address the third-party
SPOF+performance concerns. The specific use case is: "as a site who embeds
third-party resources, I would like to get NEL reports for those
third-party resources as they may negatively affect performance and
functionality of my site".
---
I've merged the "drop-navigation" branch -- thanks everyone! Finally, one
more thing: any objections to "network error logging"? If not, I'll go
ahead and update the repo name on GitHub.
ig