W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2011

Re: From-Origin FPWD

From: Jonas Sicking <jonas@sicking.cc>
Date: Fri, 22 Jul 2011 13:47:59 -0700
Message-ID: <CA+c2ei9xfNiFvUMS26Db2jrs8FmyM9fOG_DuYuopAESBPJdC3Q@mail.gmail.com>
To: Anne van Kesteren <annevk@opera.com>
Cc: WebApps WG <public-webapps@w3.org>
It seems to me like this feature heavily overlaps with CORS. In fact,
it addresses the exact same cases, except that it does it for
resources which we for various reasons use
allow-embedding-but-not-reading cross site.

Would it make more sense to simply add this into CORS?

/ Jonas

On Fri, Jul 22, 2011 at 8:08 AM, Anne van Kesteren <annevk@opera.com> wrote:
> Hi,
>
> The WebApps WG published the From-Origin header proposal as FPWD:
>
>  http://www.w3.org/TR/from-origin/
>
> The main open issue is whether X-Frame-Options should be replaced by this
> header or should absorb its functionality somehow.
>
> Cheers,
>
>
> --
> Anne van Kesteren
> http://annevankesteren.nl/
>
>
Received on Friday, 22 July 2011 20:49:04 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:46 GMT