mdn/content

Be more accurate about cross-origin protections

Open

#23.740 geöffnet am 18. Jan. 2023

Auf GitHub ansehen
 (0 Kommentare) (0 Reaktionen) (0 zugewiesene Personen)Markdown (22.427 Forks)batch import
Content:WebAPIarea: Performance APIeffort: mediumhelp wanted

Repository-Metriken

Stars
 (8.900 Stars)
PR-Merge-Metriken
 (Durchschn. Merge 7T 3h) (147 gemergte PRs in 30 T)

Beschreibung

MDN URL

https://developer.mozilla.org/en-US/docs/Web/API/Resource_Timing_API

What specific section or headline is this issue about?

No response

What information was incorrect, unhelpful, or incomplete?

  • Timing-Allow-Origin is needed for CORS and no-cors, it's for cross-origin protection
  • In the case of cross-origin iframes, responseEnd might measure when the iframe finished loading completely with all its subresources, not just the main resource.
  • encoded/decoded body size are (soon to be) CORS-protected rather than TAO protected

What did you expect to see?

See above

Do you have any supporting links, references, or citations?

No response

Do you have anything more you want to share?

No response

MDN metadata

Contributor Guide