Re: [navigation-error-logging] remove "navigation" requirement? from Ilya Grigorik on 2015-02-14 (public-web-perf@w3.org from February 2015)

From: Ilya Grigorik <igrigorik@google.com>
Date: Fri, 13 Feb 2015 16:39:16 -0800
To: Yoav Weiss <yoav@yoav.ws>
Cc: Todd Reifsteck <toddreif@microsoft.com>, public-web-perf <public-web-perf@w3.org>, "Aaron Heady (BING AVAILABILITY)" <aheady@microsoft.com>
Message-ID: <CADXXVKrynUt3Nddk3m5vonHSm0xYbYmHUe1Ni+Mc6Ht4zsFYyQ@mail.gmail.com>

On Fri, Feb 13, 2015 at 2:50 PM, Yoav Weiss <yoav@yoav.ws> wrote:

> If I understand correctly, each host is declaring its own report URL,
> which means no failure data leaks between hosts? If that's the case, I
> think we're good in terms of the security concerns raised in the call.

Yep, that's right, that's the behavior as currently specced.

However, I do think we should (separately) investigate if/how it would be
possible to open up cross-origin reporting to help address the third-party
SPOF+performance concerns. The specific use case is: "as a site who embeds
third-party resources, I would like to get NEL reports for those
third-party resources as they may negatively affect performance and
functionality of my site".

---

I've merged the "drop-navigation" branch -- thanks everyone! Finally, one
more thing: any objections to "network error logging"? If not, I'll go
ahead and update the repo name on GitHub.

ig

Received on Saturday, 14 February 2015 00:40:24 UTC