[whatwg] Iframe dimensions

Adam Barth w3c at adambarth.com
Wed Aug 11 10:03:28 PDT 2010


On Wed, Aug 11, 2010 at 8:05 AM, Markus Ernst <derernst at gmx.ch> wrote:
> Am 11.08.2010 00:24 schrieb Ian Hickson:
>> On Mon, 5 Jul 2010, Markus Ernst wrote:
>>> Example: http://test.rapid.ch/de/haendler-schweiz/iseki.html (This is
>>> under construction.) As a workaround to the height problem, I applied a
>>> script that adjusts the iframe height to the available height in the browser
>>> window. But of course the user experience would be more consistent if the
>>> page could behave like a single page, with only one scrollbar at the right
>>> of the browser window.
>>
>> If you control both pages and can't use seamless, you can use
>> postMessage() to negotiate a size. On the long term, I expect we'll make
>> seamless work with CORS somehow. I'm waiting until we properly understand
>> how CORS is used in the wild before adding it all over the place in HTML.
>
> A solution at authoring level for cases where the author controls both pages
> would be quite helpful. I think of a meta element in the embedded document
> that specifies one or more domains that are allowed to embed it seamlessly
> in an iframe, such as e.g.:
> <meta name="allow-seamless-embedding" name="domain.tld, otherdomain.tld">
>
> I think that this would be ok from a security POV, and much easier than
> using CORS.

That feels like re-inventing CORS.  Maybe we should make CORS easier
to use instead?

Adam



More information about the whatwg mailing list