Edge exposing TAO-restricted timings when port differs

Issue #20329563 • Assigned to Arvind M.


Nic J.
Jan 28, 2019
This issue is public.
Found in
  • Microsoft Edge
Standard affected
Resource Timing Level 2

Found in build #
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

Similar to https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/12702038/

When fetching a cross-origin resource where the origin only differs by port, TAO-restricted attributes (such as domainStart, connectEnd, etc) are still exposed.

e.g. fetching https://www.foo.com:5000/ from https://www.foo.com/

Repro case: https://nicj.net/dev/resourcetiming/error-resources.html (under TCP failure (same domain, different port))

It’s possible this only affects failure cases (e.g. TCP connection failures), I haven’t been able to test successful same-host-different-port-without-TAO cases.

(Does not affect IE 11)


0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “Zachariah L.”

      Changed Assigned To to “Mike D.”

      Changed Assigned To to “Arvind M.”

    You need to sign in to your Microsoft account to add a comment.

    Sign in