W3C home > Mailing lists > Public > whatwg@whatwg.org > April 2012

[whatwg] Proposal: location.parentOrigin

From: Adam Barth <w3c@adambarth.com>
Date: Tue, 3 Apr 2012 16:48:46 -0700
Message-ID: <CAJE5ia9q3mzT7m9GHmkK8TSd1-VEtrbSpmjdENCanofPrhpGSw@mail.gmail.com>
On Tue, Apr 3, 2012 at 4:32 PM, Ian Hickson <ian at hixie.ch> wrote:
> On Tue, 3 Apr 2012, Adam Barth wrote:
>> Talking with some folks off-list, there are also use cases for knowing
>> the origin of the top-most document.
>
> Could you elaborate on those use cases? (And also those for parent.origin,
> though those seem more obvious, e.g. disabling features to protect against
> clickjacking in unauthorised embeddings.)

The use case is the same as in the previous email, specifically:

---8<---
Some widgets want to behave differently depending on the context in
which they are embedded.  For example, a payment widget might want to
send the user to a confirmation page for most web sites but might be
confortable with a more streamlined user experience when embedded on a
whitelist of sites with which they have a contractual relationship.
--->8---

The payment widget might care about all of its ancestors.  For
example, suppose the payment operator has a relationship with
store.example.com.  They might wish to fall back to using a
confirmation page if store.example.com is embedded as a frame in
another web site (e.g., pintrest).

Adam
Received on Tuesday, 3 April 2012 16:48:46 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:48:07 GMT