W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2011

Re: From-Origin FPWD

From: Thomas Roessler <tlr@w3.org>
Date: Fri, 22 Jul 2011 17:57:08 +0200
Cc: Thomas Roessler <tlr@w3.org>, WebApps WG <public-webapps@w3.org>, Tobias Gondrom <tobias.gondrom@gondrom.org>
Message-Id: <626EA970-8777-4799-9A1C-9AE9A8B011FD@w3.org>
To: J Ross Nicoll <jrn@jrn.me.uk>
I recommend reading the relevant Internet-Draft:
	http://tools.ietf.org/html/draft-gondrom-frame-options-01

The draft formalizeds X-Frame-Options as Frame-Options.  The issue is on the side of the headers' technical design.

Regards,
--
Thomas Roessler, W3C  <tlr@w3.org>  (@roessler)







On Jul 22, 2011, at 17:52 , J Ross Nicoll wrote:

> In my opinion, we should not be supporting X-* headers any more than
> absolutely necessary, so phasing out X-Frame-Options in preference of
> From-Origin would be the correct way to go. I'm aware this does mean a
> cross-over period where servers are likely to have to provide both
> headers, and it might be worth specifying what is expected if both are
> present and conflict (use From-Origin in preference to X-Frame-Options,
> perhaps).
> 
> Ross
> 
> On 22/07/2011 16:08, "Anne van Kesteren" <annevk@opera.com> wrote:
> 
>> Hi,
>> 
>> The WebApps WG published the From-Origin header proposal as FPWD:
>> 
>>  http://www.w3.org/TR/from-origin/
>> 
>> The main open issue is whether X-Frame-Options should be replaced by this
>> 
>> header or should absorb its functionality somehow.
>> 
>> Cheers,
>> 
>> 
>> -- 
>> Anne van Kesteren
>> http://annevankesteren.nl/
>> 
> 
> 
> 
> 
Received on Friday, 22 July 2011 15:57:12 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:46 GMT