W3C home > Mailing lists > Public > whatwg@whatwg.org > May 2012

Re: [whatwg] AllowSeamless

From: Markus Ernst <derernst@gmx.ch>
Date: Sun, 27 May 2012 14:23:19 +0200
Message-ID: <4FC21CB7.1040408@gmx.ch>
To: Adam Barth <w3c@adambarth.com>
Cc: whatwg <whatwg@lists.whatwg.org>, Eric Seidel <eric@webkit.org>, Ojan Vafai <ojan@chromium.org>
Am 27.05.2012 12:19 schrieb Adam Barth:
> On Sun, May 27, 2012 at 3:00 AM, Markus Ernst<derernst@gmx.ch>  wrote:
>> Am 27.05.2012 02:16 schrieb Adam Barth:
>>> I've added a proposal to the wiki
>>> <http://wiki.whatwg.org/wiki/AllowSeamless>    about letting a document
>>> indicate that it is willing to be displayed seamlessly with a
>>> cross-origin parent.  This proposal is a refinement of the approach
>>> previously discussed in this thread:
>>> <http://old.nabble.com/crossorigin-property-on-iframe-td33677754.html>.
>>> Let me know if you have any feedback.
>> I have a strong feeling that per-origin control should be made easy for
>> authors. I must admit that I am not familiar with the mechanisms you name,
>> Frame-Options and ancestor-origins - and both are quite hard to google for.
>>  From what I found I assume both are about HTTP headers.
>> If they are solutions that can be used easily with server-side languages
>> such as PHP, I think we can live with it. But anyway it is a complication;
>> I'd personnally prefer something like
>> allowseemles="example.org, *.example.org, shop.otherdomain.com"
>> Or maybe space separated, and separate inherit-style with comma:
>> allowseemles="example.org *.example.org shop.otherdomain.com, inherit-style"
>> (Regardless of whether it is in the HTML element or in a META element.)
> I had difficulty coming up with use cases that weren't better served
> with frame-ancestors and/or Frame-Options.  Do you have a specific use
> case in mind to explain your feelings?

My use case is a content provider, who provides e.g. a Sudoku 
application or a weather forecast for wind surfers. Paying customers are 
allowed to embed the content seamlessly in their web sites. The content 
can also be embedded for free, but not seamlessly.

The content provider includes some corporate info, such as his/her own 
logo, and a "provided by XY" notice and link to his/her own page. The 
paying customers then can apply their own styling, and set the corporate 
info to "display:none" in the style sheet of the top document, via 
seamless embedding.
Received on Sunday, 27 May 2012 12:24:42 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:42 UTC