Closed achristensen07 closed 1 year ago
Doing so would prevent a side-channel to gather data even from origins that send TAO headers. Similar to https://github.com/w3c/server-timing/issues/89 which proposes a similar restriction for Server Timing.
This was discussed at TPAC, and there was agreement we can allow such UA liberties in the spec.
@achristensen07 - Are you interested in submitting a PR to that effect?
I can make a PR