- From: Anne van Kesteren <notifications@github.com>
- Date: Tue, 05 Nov 2019 03:03:51 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 5 November 2019 11:04:09 UTC
annevk commented on this pull request. > @@ -1800,6 +1805,15 @@ initially unset. being provided to an API that didn't make a range request. See the flag's usage for a detailed description of the attack. +<p>A <a for=/>response</a> has an associated +<dfn for=response id=concept-response-timing-allow-failed-flag>timing allow failed flag</dfn>, which I'm somewhat okay with it, but I still think a positive flag would be better for the response side, starting out unset. That would also mean the default is safe. (The trailer stuff should maybe change a bit, but also might go away as nobody implements it.) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/955#discussion_r342502215
Received on Tuesday, 5 November 2019 11:04:09 UTC