Re: [manifest] Must manifests be same-origin? (#360) from Ben Francis on 2015-04-20 (public-webapps-github@w3.org from April 2015)

From: Ben Francis <notifications@github.com>
Date: Mon, 20 Apr 2015 05:12:27 -0700
To: w3c/manifest <manifest@noreply.github.com>
Message-ID: <w3c/manifest/issues/360/94435964@github.com>

Good question. Firefox OS currently prevents an application context being embedded inside a browsing context without a special permission, to prevent this kind of attack. Web content can always opt-out of their content rendering inside an iframe using an X-Frame-Options header, but maybe a more general protection is needed if this is a goal.

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/360#issuecomment-94435964

Received on Monday, 20 April 2015 12:13:01 UTC