W3C home > Mailing lists > Public > whatwg@whatwg.org > August 2010

[whatwg] Iframe dimensions

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 11 Aug 2010 19:39:19 +0200
Message-ID: <op.vhabbtds64w2qv@anne-van-kesterens-macbook-pro.local>
On Wed, 11 Aug 2010 19:03:28 +0200, Adam Barth <w3c at adambarth.com> wrote:
> On Wed, Aug 11, 2010 at 8:05 AM, Markus Ernst <derernst at gmx.ch> wrote:
>> A solution at authoring level for cases where the author controls both  
>> pages
>> would be quite helpful. I think of a meta element in the embedded  
>> document
>> that specifies one or more domains that are allowed to embed it  
>> seamlessly
>> in an iframe, such as e.g.:
>> <meta name="allow-seamless-embedding" name="domain.tld,  
>> otherdomain.tld">
>> I think that this would be ok from a security POV, and much easier than
>> using CORS.
> That feels like re-inventing CORS.  Maybe we should make CORS easier
> to use instead?

What exactly is hard about it?

(Though I should note we should carefully study whether using CORS here is  
safe and sound. For instance, you may want to allow seamless embedding,  
but not share content.)

Anne van Kesteren
Received on Wednesday, 11 August 2010 10:39:19 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:26 UTC