[whatwg] Iframe dimensions from Ian Hickson on 2010-11-15 (public-whatwg-archive@w3.org from November 2010)

From: Ian Hickson <ian@hixie.ch>
Date: Mon, 15 Nov 2010 23:32:35 +0000 (UTC)
Message-ID: <Pine.LNX.4.64.1011152330310.26618@ps20323.dreamhostps.com>

On Wed, 11 Aug 2010, Markus Ernst wrote:
> Am 11.08.2010 00:24 schrieb Ian Hickson:
> > On Mon, 5 Jul 2010, Markus Ernst wrote:
> [...]
> > > Example: http://test.rapid.ch/de/haendler-schweiz/iseki.html (This is
> > > under construction.) As a workaround to the height problem, I applied a
> > > script that adjusts the iframe height to the available height in the
> > > browser window. But of course the user experience would be more consistent
> > > if the page could behave like a single page, with only one scrollbar at
> > > the right of the browser window.
> > 
> > If you control both pages and can't use seamless, you can use postMessage()
> > to negotiate a size. On the long term, I expect we'll make seamless work
> > with CORS somehow. I'm waiting until we properly understand how CORS is used
> > in the wild before adding it all over the place in HTML.
> 
> A solution at authoring level for cases where the author controls both 
> pages would be quite helpful. I think of a meta element in the embedded 
> document that specifies one or more domains that are allowed to embed it 
> seamlessly in an iframe, such as e.g.: <meta 
> name="allow-seamless-embedding" name="domain.tld, otherdomain.tld">
> 
> I think that this would be ok from a security POV, and much easier than 
> using CORS.

On Wed, 11 Aug 2010, Adam Barth wrote:
> 
> That feels like re-inventing CORS.  Maybe we should make CORS easier to 
> use instead?

On Wed, 11 Aug 2010, Anne van Kesteren wrote:
> 
> What exactly is hard about it?
> 
> (Though I should note we should carefully study whether using CORS here 
> is safe and sound. For instance, you may want to allow seamless 
> embedding, but not share content.)

I'd like to echo Anne's comments. If CORS is hard, then we should change 
that; if it's not, then we should use it (once we know it's solid).

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Monday, 15 November 2010 15:32:35 UTC