whatwg / fetch

Fetch Standard
https://fetch.spec.whatwg.org/

Specify how/if response status code & content type are exposed for cross-origin navigations #1602

Open noamr opened 1 year ago

noamr commented 1 year ago

Currently the spec relies on opaque filtered responses to hide response status code and mime type from resource timing. However, this does not work for iframes because their responses are not opaque & filtered.

In the Chromium implementation we hide this information for cross-origin iframes or for iframes with cross-origin redirects. We should either do that or specify something else and change the implementation.

annevk commented 1 year ago

Yeah, navigations in nested navigables will need special logic. Thought: make fetch skip navigations for any kind of reporting purposes and make HTML deal with it explicitly in a way that HTML knows is safe.

noamr commented 1 year ago

I understand the thought but I think actually fetch has all the required knowledge: don't report status/type for nested navigations that are cross-origin or have cross-origin redirects. I can prepare a patch (I wanted to see https://github.com/whatwg/fetch/pull/1579 merged before I put anything on top)
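The rule proposed in the comment above, sketched as an added example that is not part of the thread, the Fetch spec or Chromium's code: status and MIME type are exposed to the embedder only when every URL in the nested navigation's chain is same-origin with it. The function names, the `urlChain` shape, the sample URLs and the use of `0` / `""` for hidden values are assumptions made for this illustration.

```javascript
// Illustrative sketch only; all names here are hypothetical.

// Serialized origin of a URL, or null when the origin is opaque
// (about:blank, data:, unparsable). An opaque origin never matches.
function originOf(url) {
  try {
    const origin = new URL(url).origin;
    return origin === "null" ? null : origin;
  } catch {
    return null;
  }
}

// urlChain: every URL the nested navigation went through, in order
// (initial request URL, each redirect target, final response URL).
// One cross-origin hop anywhere in the chain hides the values, even if
// the final URL is same-origin with the embedder again.
function mayExposeStatusAndType(embedderUrl, urlChain) {
  const embedder = originOf(embedderUrl);
  if (embedder === null || urlChain.length === 0) return false;
  return urlChain.every((url) => originOf(url) === embedder);
}

// Timing entry as the embedder would see it. Hidden values are reported
// as 0 and "" (assumed placeholders for this sketch).
function timingEntryForEmbedder(embedderUrl, nav) {
  const expose = mayExposeStatusAndType(embedderUrl, nav.urlChain);
  return {
    name: nav.urlChain[0],
    responseStatus: expose ? nav.status : 0,
    contentType: expose ? nav.contentType : "",
  };
}

// Constructed sample data: an embedder page and three iframe navigations.
const EMBEDDER = "https://app.example/page";
const SAME_ORIGIN = { urlChain: ["https://app.example/frame"], status: 200, contentType: "text/html" };
const CROSS_ORIGIN = { urlChain: ["https://other.example/login"], status: 403, contentType: "text/html" };
const BOUNCE = {
  urlChain: ["https://app.example/a", "https://other.example/r", "https://app.example/b"],
  status: 404,
  contentType: "application/json",
};

for (const nav of [SAME_ORIGIN, CROSS_ORIGIN, BOUNCE]) {
  console.log(timingEntryForEmbedder(EMBEDDER, nav));
}
```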

annevk commented 1 year ago

It looks like you ended up closing that in favor of an HTML PR.