- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 09 Jun 2009 21:21:48 +0200
- To: "Tyler Close" <tyler.close@gmail.com>
- Cc: "Adam Barth" <w3c@adambarth.com>, "Mark S. Miller" <erights@google.com>, public-webapps <public-webapps@w3.org>
On Tue, 09 Jun 2009 21:15:18 +0200, Tyler Close <tyler.close@gmail.com> wrote: > Could you provide a code example that shows how to send an XHR request > to the same Origin without credentials using the HTML5 <iframe> > element? <iframe sandbox="allow-scripts" src="..."></iframe> where ... is some page that does an XMLHttpRequest to the a page that is same origin with the page that contains the <iframe>. (The page being fetched will have to specify Access-Control-Allow-Origin:* as the request is coming from a unique origin by virtue of the sandbox attribute. The request will include an Origin header but the value will always be null.) Also, if the document="" or some such attribute is introduced the code will no longer have to be on a separate page. -- Anne van Kesteren http://annevankesteren.nl/
Received on Tuesday, 9 June 2009 19:22:32 UTC