- From: Ojan Vafai <ojan@chromium.org>
- Date: Thu, 12 Apr 2012 13:17:50 -0700
On Thu, Apr 12, 2012 at 1:07 PM, Boris Zbarsky <bzbarsky at mit.edu> wrote: > On 4/12/12 3:49 PM, Adam Barth wrote: > >> The seamless part might be workable, since that leaks information only >> from the document in question. It's possible that there's a better >> mechanism than CORS for a child frame to opt into being seamless with >> its parent. >> > > Yes, I agree that having a way for a child to opt into being seamless is > desirable. That doesn't have the problems direct DOM access does. OK, I'm convinced that direct DOM access is a bad idea. seamless was the use-case I most cared about anyways. In theory, if we use seamless + CORS for the @src load and any navigations of the frame (including via Location), then this should be feasible, yes? Alternately, we could add a special http header and/or meta tag for this, like x-frame-options, but for the child frame to define it's relationship to the parent frame. Ojan
Received on Thursday, 12 April 2012 13:17:50 UTC