W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2010

[whatwg] Iframe dimensions

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Tue, 16 Nov 2010 13:06:22 -0500
Message-ID: <4CE2C81E.70304@mit.edu>
On 11/16/10 12:56 PM, Tab Atkins Jr. wrote:
>> - it is applicable at the client side without scripting
>
> This is not possible, for the simple reason that the whole point of
> CORS is to protect server resources.  If you could deal with CORS
> purely on the client side, you'd be allowing the page author to
> determine if they themself are allowed to access a file on another
> server.  That's a pretty obvious inversion of responsibility.  ^_^

Well, more precisely there is nothing that needs to be done on the 
client side for CORS, right?

-Boris
Received on Tuesday, 16 November 2010 10:06:22 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:28 UTC