- From: Anne van Kesteren <annevk@opera.com>
- Date: Thu, 12 Apr 2012 21:46:36 +0200
On Thu, 12 Apr 2012 21:30:00 +0200, Ojan Vafai <ojan at chromium.org> wrote: > We should add a crossorigin property on iframe that causes the request to > use CORS. If it's an allowed cross-domain request, then the page should > have access to the DOM of the frame. > > Also, seamless should work (assuming the CORS request succeeded of > course). One tricky thing here is that seamless needs to stop working if > the frame is navigated to a different origin to which it does not have > CORS access. This cannot work. CORS only works for sharing a single resource. If you expose a DOM on a different origin that *entire* origin would be exposed, which would be way more than CORS allows for. You'll have to use a postMessage()-based workaround I'm afraid. -- Anne van Kesteren http://annevankesteren.nl/
Received on Thursday, 12 April 2012 12:46:36 UTC