Hey all,
Aligning RT to the spec here would mean that response header sizes will no longer be directly exposed, even for same origin resources or resources with Timing-Allow-Origin headers. This is because it seems
unsafe to expose header sizes directly.
It also means that redirect chains won't count towards the size exposed in `transferSize`. While we could specify and accumulate redirect body sizes, it seems like we'd be better off
reporting redirects directly in the future, in case it becomes a priority.
This change is web observable for folks that'd try really hard to do so (e.g. by adding header sizes to JS on the server side, and then verify that `transferSize-encodedBodySize` doesn't match that value).
At the same time, it's hard to imagine content relying on this, so I believe a PSA is sufficient in this case. Let me know if you think otherwise.
Cheers,
Yoav