Re: [whatwg/fetch] Allow timing reporting with origin (for iframes) (PR #1388) from Anne van Kesteren on 2022-03-10 (public-webapps-github@w3.org from March 2022)

From: Anne van Kesteren <notifications@github.com>
Date: Thu, 10 Mar 2022 03:48:47 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/1388/c1063971699@github.com>

In that case it should be fine, no? Theoretically it seems nicer to address it in the network layer as otherwise the "sensitive" value would have to be available in an agent cluster that can be attacker read. (Not the biggest problem by far, but would still be nice to have theoretically sound standards.)

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1388#issuecomment-1063971699
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/pull/1388/c1063971699@github.com>

Received on Thursday, 10 March 2022 11:48:59 UTC