- From: Adam Barth <w3c@adambarth.com>
- Date: Tue, 3 Apr 2012 16:48:46 -0700
On Tue, Apr 3, 2012 at 4:32 PM, Ian Hickson <ian at hixie.ch> wrote: > On Tue, 3 Apr 2012, Adam Barth wrote: >> Talking with some folks off-list, there are also use cases for knowing >> the origin of the top-most document. > > Could you elaborate on those use cases? (And also those for parent.origin, > though those seem more obvious, e.g. disabling features to protect against > clickjacking in unauthorised embeddings.) The use case is the same as in the previous email, specifically: ---8<--- Some widgets want to behave differently depending on the context in which they are embedded. For example, a payment widget might want to send the user to a confirmation page for most web sites but might be confortable with a more streamlined user experience when embedded on a whitelist of sites with which they have a contractual relationship. --->8--- The payment widget might care about all of its ancestors. For example, suppose the payment operator has a relationship with store.example.com. They might wish to fall back to using a confirmation page if store.example.com is embedded as a frame in another web site (e.g., pintrest). Adam
Received on Tuesday, 3 April 2012 16:48:46 UTC