W3C home > Mailing lists > Public > whatwg@whatwg.org > August 2010

[whatwg] Iframe dimensions

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 11 Aug 2010 19:39:19 +0200
Message-ID: <op.vhabbtds64w2qv@anne-van-kesterens-macbook-pro.local>
On Wed, 11 Aug 2010 19:03:28 +0200, Adam Barth <w3c at adambarth.com> wrote:
> On Wed, Aug 11, 2010 at 8:05 AM, Markus Ernst <derernst at gmx.ch> wrote:
>> A solution at authoring level for cases where the author controls both  
>> pages
>> would be quite helpful. I think of a meta element in the embedded  
>> document
>> that specifies one or more domains that are allowed to embed it  
>> seamlessly
>> in an iframe, such as e.g.:
>> <meta name="allow-seamless-embedding" name="domain.tld,  
>> otherdomain.tld">
>>
>> I think that this would be ok from a security POV, and much easier than
>> using CORS.
>
> That feels like re-inventing CORS.  Maybe we should make CORS easier
> to use instead?

What exactly is hard about it?


(Though I should note we should carefully study whether using CORS here is  
safe and sound. For instance, you may want to allow seamless embedding,  
but not share content.)


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Wednesday, 11 August 2010 10:39:19 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:26 UTC