- From: Thomas Roessler <tlr@w3.org>
- Date: Fri, 22 Jul 2011 17:57:08 +0200
- To: J Ross Nicoll <jrn@jrn.me.uk>
- Cc: Thomas Roessler <tlr@w3.org>, WebApps WG <public-webapps@w3.org>, Tobias Gondrom <tobias.gondrom@gondrom.org>
I recommend reading the relevant Internet-Draft: http://tools.ietf.org/html/draft-gondrom-frame-options-01 The draft formalizeds X-Frame-Options as Frame-Options. The issue is on the side of the headers' technical design. Regards, -- Thomas Roessler, W3C <tlr@w3.org> (@roessler) On Jul 22, 2011, at 17:52 , J Ross Nicoll wrote: > In my opinion, we should not be supporting X-* headers any more than > absolutely necessary, so phasing out X-Frame-Options in preference of > From-Origin would be the correct way to go. I'm aware this does mean a > cross-over period where servers are likely to have to provide both > headers, and it might be worth specifying what is expected if both are > present and conflict (use From-Origin in preference to X-Frame-Options, > perhaps). > > Ross > > On 22/07/2011 16:08, "Anne van Kesteren" <annevk@opera.com> wrote: > >> Hi, >> >> The WebApps WG published the From-Origin header proposal as FPWD: >> >> http://www.w3.org/TR/from-origin/ >> >> The main open issue is whether X-Frame-Options should be replaced by this >> >> header or should absorb its functionality somehow. >> >> Cheers, >> >> >> -- >> Anne van Kesteren >> http://annevankesteren.nl/ >> > > > >
Received on Friday, 22 July 2011 15:57:12 UTC