- From: Noam Rosenthal <notifications@github.com>
- Date: Thu, 27 Jan 2022 03:41:45 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 27 January 2022 11:41:57 UTC
Currently TAO (Timing-Allow-Origin) is checked as part of the CORS mechanism. However, for iframes it needs to be checked at the end, relative to the containing document's origin. Implementations already do this. I wonder how to go about it spec-wise: - To create a variant of `Finalize and Report timing` that does this, receiving an origin - Export some internals of the TAO check and let HTML do this when reporting an iframe (I think I prefer this, and it's closer to implementations) -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/1387 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/issues/1387@github.com>
Received on Thursday, 27 January 2022 11:41:57 UTC