[whatwg] Iframe dimensions
Anne van Kesteren
annevk at opera.com
Wed Aug 11 10:39:19 PDT 2010
On Wed, 11 Aug 2010 19:03:28 +0200, Adam Barth <w3c at adambarth.com> wrote:
> On Wed, Aug 11, 2010 at 8:05 AM, Markus Ernst <derernst at gmx.ch> wrote:
>> A solution at authoring level for cases where the author controls both
>> pages
>> would be quite helpful. I think of a meta element in the embedded
>> document
>> that specifies one or more domains that are allowed to embed it
>> seamlessly
>> in an iframe, such as e.g.:
>> <meta name="allow-seamless-embedding" name="domain.tld,
>> otherdomain.tld">
>>
>> I think that this would be ok from a security POV, and much easier than
>> using CORS.
>
> That feels like re-inventing CORS. Maybe we should make CORS easier
> to use instead?
What exactly is hard about it?
(Though I should note we should carefully study whether using CORS here is
safe and sound. For instance, you may want to allow seamless embedding,
but not share content.)
--
Anne van Kesteren
http://annevankesteren.nl/
More information about the whatwg
mailing list