You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
readonly attribute unsigned long long transferSize;
readonly attribute unsigned long long encodedBodySize;
readonly attribute unsigned long long decodedBodySize;
Maybe I missed where the spec says it, but I don't think these should be exposed for resources you wouldn't normally have access to. You could use the byte lengths to do all kinds of information leakage across origins.
The text was updated successfully, but these errors were encountered:
If the last non-redirected fetch of the resource is not the same origin as the current document, transferSize must return zero unless the timing allow check algorithm passes.
If the last non-redirected fetch of the resource is not the same origin as the current document, encodedBodySize must return zero unless the timing allow check algorithm passes.
If the last non-redirected fetch of the resource is not the same origin as the current document, decodedBodySize must return zero unless the timing allow check algorithm passes.
Maybe I missed where the spec says it, but I don't think these should be exposed for resources you wouldn't normally have access to. You could use the byte lengths to do all kinds of information leakage across origins.
The text was updated successfully, but these errors were encountered: