- From: Jonas Sicking <jonas@sicking.cc>
- Date: Fri, 22 Jul 2011 13:47:59 -0700
- To: Anne van Kesteren <annevk@opera.com>
- Cc: WebApps WG <public-webapps@w3.org>
It seems to me like this feature heavily overlaps with CORS. In fact, it addresses the exact same cases, except that it does it for resources which we for various reasons use allow-embedding-but-not-reading cross site. Would it make more sense to simply add this into CORS? / Jonas On Fri, Jul 22, 2011 at 8:08 AM, Anne van Kesteren <annevk@opera.com> wrote: > Hi, > > The WebApps WG published the From-Origin header proposal as FPWD: > > http://www.w3.org/TR/from-origin/ > > The main open issue is whether X-Frame-Options should be replaced by this > header or should absorb its functionality somehow. > > Cheers, > > > -- > Anne van Kesteren > http://annevankesteren.nl/ > >
Received on Friday, 22 July 2011 20:49:04 UTC