Steps to reproduce
When fetching a cross-origin resource where the origin only differs by port, TAO-restricted attributes (such as domainStart, connectEnd, etc) are still exposed.
Repro case: https://nicj.net/dev/resourcetiming/error-resources.html (under TCP failure (same domain, different port))
It’s possible this only affects failure cases (e.g. TCP connection failures), I haven’t been able to test successful same-host-different-port-without-TAO cases.
(Does not affect IE 11)
Comments and activity
- Microsoft Edge Team
Changed Assigned To to “Zachariah L.”
Changed Assigned To to “Mike D.”
Changed Assigned To to “Arvind M.”