Remove cross-origin isolation requirement (#41)

WICG / js-self-profiling

Proposal for a programmable JS profiling API for collecting JS profiles from real end-user environments

Other

197 stars 13 forks source link

Remove cross-origin isolation requirement (#41) #45

Closed acomminos closed 3 years ago

acomminos commented 3 years ago

As per the results of the WebAppSec WG discussion, remove the dependency on cross-origin isolation. Update the Privacy and Security section of the spec accordingly to illustrate the security considerations made.

acomminos commented 3 years ago

@shhnjk, PTAL. Thanks!

acomminos commented 3 years ago

Browser builtins (such as performance.now()) may still be included when invoked from cross-origin script

Probably better to mention that this is cross-origin no-cors scripts. Not sure if there is a better term in the spec

Sounds good. Updated, thanks!