>From previous threads (e.g. http://lists.w3.org/Archives/Public/public-webappsec/2014Sep/0024.html), it's not clear that Boris agrees with you. But it's nice to see that Jonas does. -mike -- Mike West <mkwst@google.com> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) On Fri, Oct 24, 2014 at 1:13 PM, Anne van Kesteren <annevk@annevk.nl> wrote: > On Fri, Oct 24, 2014 at 11:52 AM, Mike West <mkwst@google.com> wrote: > > WebKit and Blink/Opera implement `window.location.ancestorOrigins`, which > > might help you here. Firefox has (quite plausible) privacy concerns with > > that API. > > We might be ready to reconsider this. I was wondering though whether > the API can still be made asynchronous given everyone's out-of-process > <iframe> aspirations. > > > -- > https://annevankesteren.nl/ >
Received on Friday, 24 October 2014 12:12:52 UTC