- From: Adam Barth <w3c@adambarth.com>
- Date: Wed, 11 Aug 2010 10:03:28 -0700
On Wed, Aug 11, 2010 at 8:05 AM, Markus Ernst <derernst at gmx.ch> wrote: > Am 11.08.2010 00:24 schrieb Ian Hickson: >> On Mon, 5 Jul 2010, Markus Ernst wrote: >>> Example: http://test.rapid.ch/de/haendler-schweiz/iseki.html (This is >>> under construction.) As a workaround to the height problem, I applied a >>> script that adjusts the iframe height to the available height in the browser >>> window. But of course the user experience would be more consistent if the >>> page could behave like a single page, with only one scrollbar at the right >>> of the browser window. >> >> If you control both pages and can't use seamless, you can use >> postMessage() to negotiate a size. On the long term, I expect we'll make >> seamless work with CORS somehow. I'm waiting until we properly understand >> how CORS is used in the wild before adding it all over the place in HTML. > > A solution at authoring level for cases where the author controls both pages > would be quite helpful. I think of a meta element in the embedded document > that specifies one or more domains that are allowed to embed it seamlessly > in an iframe, such as e.g.: > <meta name="allow-seamless-embedding" name="domain.tld, otherdomain.tld"> > > I think that this would be ok from a security POV, and much easier than > using CORS. That feels like re-inventing CORS. Maybe we should make CORS easier to use instead? Adam
Received on Wednesday, 11 August 2010 10:03:28 UTC