[whatwg] Iframe dimensions

On Tue, Nov 16, 2010 at 10:06 AM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
> On 11/16/10 12:56 PM, Tab Atkins Jr. wrote:
>>> - it is applicable at the client side without scripting
>>
>> This is not possible, for the simple reason that the whole point of
>> CORS is to protect server resources.  If you could deal with CORS
>> purely on the client side, you'd be allowing the page author to
>> determine if they themself are allowed to access a file on another
>> server.  That's a pretty obvious inversion of responsibility.  ^_^
>
> Well, more precisely there is nothing that needs to be done on the client
> side for CORS, right?

Ah, if that's what Markus was getting at, then yes.  CORS requires
*zero* work on the client side, since it's completely done in the
server-browser interaction.  The entirety of the client's interaction
in the process is the initial request for a resource.

~TJ

Received on Tuesday, 16 November 2010 10:12:25 UTC
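
The server-browser split described in the message above, as an added example that is not part of the original thread: a model of the simple (non-preflighted) CORS check in which the server states its policy, the browser enforces it, and the page's script cannot influence either step. The function names, origins and allowlist are hypothetical and constructed for illustration.

```javascript
// Added illustration (not from the thread): models the simple CORS check.
// All function names, origins and the allowlist are hypothetical.

// Server side: the resource owner decides which origins may read the response.
const ALLOWED_ORIGINS = new Set(["https://app.example"]); // constructed policy

function serverResponseHeaders(requestHeaders) {
  const headers = { "content-type": "application/json" };
  const origin = requestHeaders["origin"];
  if (origin && ALLOWED_ORIGINS.has(origin)) {
    headers["access-control-allow-origin"] = origin;
    headers["vary"] = "Origin"; // keep caches from reusing it for other origins
  }
  return headers;
}

// Browser side: the user agent sets Origin itself. "Origin" is a forbidden
// header name, so a value supplied by page script is dropped.
function browserBuildRequest(pageOrigin, scriptSuppliedHeaders = {}) {
  const headers = {};
  for (const [name, value] of Object.entries(scriptSuppliedHeaders)) {
    if (name.toLowerCase() === "origin") continue;
    headers[name.toLowerCase()] = value;
  }
  headers["origin"] = pageOrigin;
  return headers;
}

// Browser side: the response is exposed to script only if the server's
// header permits this page's origin.
function browserAllowsRead(pageOrigin, responseHeaders, withCredentials = false) {
  const acao = responseHeaders["access-control-allow-origin"];
  if (acao === undefined) return false;
  if (withCredentials) {
    // Credentialed reads need an exact origin match plus an explicit opt-in.
    return acao === pageOrigin &&
      responseHeaders["access-control-allow-credentials"] === "true";
  }
  return acao === "*" || acao === pageOrigin;
}

// The page script's whole role: ask for the resource.
function crossOriginFetch(pageOrigin, scriptHeaders = {}, withCredentials = false) {
  const request = browserBuildRequest(pageOrigin, scriptHeaders);
  const response = serverResponseHeaders(request);
  return browserAllowsRead(pageOrigin, response, withCredentials);
}
```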