- From: Anne van Kesteren <notifications@github.com>
- Date: Tue, 03 Jan 2023 04:42:07 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 3 January 2023 12:42:19 UTC
@annevk commented on this pull request. Overall this looks good, couple nits on the first note. And I guess OP still has to be completed, right? > + <p class=note>Reporting timing information for cross-origin navigations without + `<code>Timing-Allow-Origin</code>` may expose information about user interaction with that without the Timing-Allow-Origin header* > - <p class=note>This covers the case of <var>response</var> being a <a>network error</a>. + <ol> + <li> + <p>If <var>fetchParams</var>'s + <a for="fetch params">request</a>'s <a for=request>mode</a> is "<code>navigate</code>", + then abort these steps. + + <p class=note>Reporting timing information for cross-origin navigations without + `<code>Timing-Allow-Origin</code>` may expose information about user interaction with that + origin. Thinking about this again the description here is misleading as it's not just user interaction but general nested document navigations that can be problematic, right? -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/1579#pullrequestreview-1234490990 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/pull/1579/review/1234490990@github.com>
Received on Tuesday, 3 January 2023 12:42:19 UTC