Comments (3)
yoavweiss
commented on July 21, 2024
I think that is the best route forward, assuming we can pull it off and convince most third parties that they must add TAO headers.
I guess the biggest question here is if there are third party use-cases that would violate user privacy by enabling TAO (e.g. widgets that change resources fetched based on user login/preference/unread messages, etc).
from transfer-size.
csharrison
commented on July 21, 2024
I'm concerned this would be extremely difficult in practice. Do we have a sense for a minimum number of third parties which we would need to add TAO header to enable even a single ad to render correctly (assuming we block resources without TAO)? My hunch is that it would be a big effort.
from transfer-size.
jkarlin
commented on July 21, 2024
I agree with csharrison@. The primary use-case for size policy is to restrict third-party ads and social widgets so that publishers have more control over the user experience of their pages. If you require TAO then the publisher really doesn't have any more control than before.
from transfer-size.
Related Issues (16)
- Setting transfer size in the response header? HOT 2
- Report-only mode HOT 2
- CSS property for TSP? HOT 11
- Header vs attribute configuration HOT 1
- Specifying limits in iframe request headers
- Questions about design HOT 4
- Document resource-types supported in transfersize HOT 1
- transfer-size as a Feature-Policy? HOT 2
- Is this still active? HOT 2
- How do we do data accounting for ServiceWorker requests? HOT 12
- Accounting with encodedBodySize doesn't work with SDCH HOT 4
- Mitigating the cross-origin size leak if we don't use TAO opt-in
- Restrictions modified by browser config or platform flag? HOT 2
- Scenario: video playback HOT 25
- Request to rename Content Size Policy to Network Policy HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from transfer-size.