- From: Markus Ernst <derernst@gmx.ch>
- Date: Tue, 06 Jul 2010 12:49:56 +0200
Am 06.07.2010 12:31 schrieb Aryeh Gregor: > On Tue, Jul 6, 2010 at 4:40 AM, Markus Ernst <derernst at gmx.ch> wrote: >> Thank you and Boris for your examples. I see the security issues. Anyway It >> would be very helpful in cases like mine, where security and privacy are not >> affected, to get an easy way to do this opt-in without the need of complex >> scripting, and independent from @seamless. Embedding content from external >> providers looks like a quite common case to me, and an easy opt-in mechanism >> would help both the customers and the providers of embedded content. > > So what you're saying is that you really do just want seamless="" with > easy cross-origin opt-in, right? That sounds entirely logical, and > I'm not sure why it's not specced already (or at least I don't see > it). Could this be easily added to CORS? CORS isn't so easy to set > up, of course, but I'm not sure it's practical to do better. An HTML > tag would work, for HTML pages (the common case for iframes), but then > the UA wouldn't know whether it's allowed to be seamless until it > started parsing the response, which might have complications. > > I don't know why you keep saying "independent from @seamless" without > giving any reason for it. Seamless seems like exactly what you want. My problem is this sentence in the spec for seamless: "This will cause links to open in the parent browsing context." In an application like http://test.rapid.ch/de/haendler-schweiz/iseki.html, the external page should be able to re-call itself inside the iframe, for example if a sort link is clicked or a search form submitted.
Received on Tuesday, 6 July 2010 03:49:56 UTC