I am using resource timing api to capture the encoded, decoded and transfer size of all the resources of a page,but for some of the resources it is giving the zero for all the 3 keys. Please help me to solve this.
why resource timing api is giving the encoded , decoded and transfer size of some resources as 0?
185 views Asked by Siddu At
2
There are 2 answers
0
On
it happens for the cross origin resources when the "Timing-Allow-Origin" header is not set by the server and hence wont expose the resource timing values please go through the specification here
hope this answers your question.
The
Timing-Allow-Originheader is a response header. It can be zero due to the cross-origin restrictions.You can check your browser header response section. Also, you want to share the timing data with a web site.
Or, you can specify a wild card, but it not recommended because it will open yourself up to cross-site timing attacks via the Web Resource Timing API.
Bonus: Twitter Silhouette Attack