W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2010

[whatwg] Iframe dimensions

From: Tab Atkins Jr. <jackalmage@gmail.com>
Date: Tue, 16 Nov 2010 10:12:25 -0800
Message-ID: <AANLkTikwv3F1x+LBpmPY-eGiCzGRQY3DdkNaGFQ4cO2j@mail.gmail.com>
On Tue, Nov 16, 2010 at 10:06 AM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
> On 11/16/10 12:56 PM, Tab Atkins Jr. wrote:
>>> - it is applicable at the client side without scripting
>>
>> This is not possible, for the simple reason that the whole point of
>> CORS is to protect server resources. ?If you could deal with CORS
>> purely on the client side, you'd be allowing the page author to
>> determine if they themself are allowed to access a file on another
>> server. ?That's a pretty obvious inversion of responsibility. ?^_^
>
> Well, more precisely there is nothing that needs to be done on the client
> side for CORS, right?

Ah, if that's what Markus was getting at, then yes.  CORS requires
*zero* work on the client side, since it's completely done in the
server-browser interaction.  The entirety of the client's interaction
in the process is the initial request for a resource.

~TJ
Received on Tuesday, 16 November 2010 10:12:25 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:28 UTC