- From: Anne van Kesteren <annevk@opera.com>
- Date: Thu, 12 Apr 2012 22:35:38 +0200

On Thu, 12 Apr 2012 22:17:50 +0200, Ojan Vafai <ojan at chromium.org> wrote:

> OK, I'm convinced that direct DOM access is a bad idea. seamless was the
> use-case I most cared about anyways. In theory, if we use seamless + CORS
> for the @src load and any navigations of the frame (including via
> Location), then this should be feasible, yes?
>
> Alternately, we could add a special http header and/or meta tag for this,
> like x-frame-options, but for the child frame to define its relationship
> to the parent frame.

The problem with CORS might be that if you want to expose content for embedding with seamless that depends on credentials, XMLHttpRequest can request that information then too. As a developer trying to make seamless work cross-origin you might not anticipate that. On the other hand, the enormous growing number of one-off flags developers can attach to resources for various features is starting to get worrisome.

--
Anne van Kesteren
http://annevankesteren.nl/

Received on Thursday, 12 April 2012 13:35:38 UTC
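
The overlap described in the message above, as an added example that is not part of the original thread: a CORS check in the shape of the Fetch standard's algorithm, applied to a hypothetical "seamless + CORS" embedding and to XMLHttpRequest. The consumer names, origins and sample headers are constructed, and gating seamless on CORS is only the proposal under discussion, not a shipped feature.

```javascript
// CORS check reduced to the two response headers that matter here.
// `credentialed` is true when the request carries cookies or HTTP auth.
function corsCheck(requestOrigin, credentialed, headers) {
  const allowOrigin = headers["access-control-allow-origin"];
  if (allowOrigin === undefined) return false;            // no opt-in at all
  if (!credentialed && allowOrigin === "*") return true;  // wildcard: anonymous only
  if (allowOrigin !== requestOrigin) return false;        // must name this origin
  if (!credentialed) return true;
  // Credentialed reads need the explicit second opt-in.
  return headers["access-control-allow-credentials"] === "true";
}

// Hypothetical consumers. If seamless were gated on CORS as proposed, the
// embedding and a credentialed XHR would ask the server the same question.
const consumers = {
  seamlessIframe: { credentialed: true },     // assumption: proposed behaviour
  xhrWithCredentials: { credentialed: true },
  xhrAnonymous: { credentialed: false },
};

// Which consumers on `requestOrigin` may read a response with these headers?
function whoCanRead(requestOrigin, headers) {
  return Object.keys(consumers).filter((name) =>
    corsCheck(requestOrigin, consumers[name].credentialed, headers));
}

// Constructed sample responses from a widget meant for seamless embedding.
const widgetOptedIn = {
  "access-control-allow-origin": "https://parent.example",
  "access-control-allow-credentials": "true",
};
const widgetWildcard = { "access-control-allow-origin": "*" };
const widgetNoCors = {};

// Opting in for the credentialed embed also opens credentialed XHR reads.
console.log(whoCanRead("https://parent.example", widgetOptedIn));
console.log(whoCanRead("https://parent.example", widgetWildcard));
console.log(whoCanRead("https://parent.example", widgetNoCors));
```

The first result lists all three consumers: the headers that would let the parent embed the credentialed content seamlessly are the same headers that let script on that parent read it with a credentialed XMLHttpRequest.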