Re: [csswg-drafts] [css-sizing] Auto-resize iframes based on content from Robert Linder via GitHub on 2018-10-16 (public-css-archive@w3.org from October 2018)

From: Robert Linder via GitHub <sysbot+gh@w3.org>
Date: Tue, 16 Oct 2018 16:25:23 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-430303934-1539707121-sysbot+gh@w3.org>

> In the case of the iframe, the child page would need to send a HTTP header (e.g. `Expose-Height-Cross-Origin: 1`), so it does not leak information about that website

>From https://github.com/whatwg/html/issues/555:
> > For cross-origin I suppose the embeddee would need to opt-in somehow (e.g. meta tag), to not expose new information cross-origin.
> 
> Now that we have [Feature Policy](https://github.com/WICG/feature-policy), I think that's the way to go about that. Similarly, there is a proposal to [expose `bounds`](https://github.com/WICG/feature-policy/issues/132) cross-origin.
> 


-- 
GitHub Notification of comment by Malvoz
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/1771#issuecomment-430303934 using your GitHub account

Received on Tuesday, 16 October 2018 16:25:25 UTC