Re: [whatwg/fetch] Allow timing reporting with origin (for iframes) (PR #1388)

> In that case it should be fine, no? Theoretically it seems nicer to address it in the network layer as otherwise the "sensitive" value would have to be available in an agent cluster that can be attacker read. (Not the biggest problem by far, but would still be nice to have theoretically sound standards.)

Yes, I think it's fine and we can proceed. Implementations do this at the API layer

-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/1388#issuecomment-1064001893
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/pull/1388/c1064001893@github.com>

Received on Thursday, 10 March 2022 12:27:33 UTC