Re: [whatwg/fetch] Add TAO check (#955)

npm1 commented on this pull request.



> @@ -1800,6 +1805,15 @@ initially unset.
 being provided to an API that didn't make a range request. See the flag's usage for a detailed
 description of the attack.
 
+<p>A <a for=/>response</a> has an associated
+<dfn for=response id=concept-response-timing-allow-failed-flag>timing allow failed flag</dfn>, which

It makes sense for the consumer but I saw that all existing flags are initially unset. Request's flag must start in 'success' so that once it flips to failure it never goes back. In order for it to start in success and unset, it must be the failure flag.

And I think it would be odd to have 'timing allow failed flag' in requests and 'timing allow succeeded flag' in responses. There's already 'trailer failed flag' in response, so overall for consistency it seems preferable to have the 'failed' flags here, what do you think?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/955#discussion_r342257257

Received on Monday, 4 November 2019 20:35:59 UTC