[whatwg] Iframe dimensions

Anne van Kesteren annevk at opera.com
Wed Aug 11 10:39:19 PDT 2010

On Wed, 11 Aug 2010 19:03:28 +0200, Adam Barth <w3c at adambarth.com> wrote:
> On Wed, Aug 11, 2010 at 8:05 AM, Markus Ernst <derernst at gmx.ch> wrote:
>> A solution at authoring level for cases where the author controls both  
>> pages
>> would be quite helpful. I think of a meta element in the embedded  
>> document
>> that specifies one or more domains that are allowed to embed it  
>> seamlessly
>> in an iframe, such as e.g.:
>> <meta name="allow-seamless-embedding" name="domain.tld,  
>> otherdomain.tld">
>> I think that this would be ok from a security POV, and much easier than
>> using CORS.
> That feels like re-inventing CORS.  Maybe we should make CORS easier
> to use instead?

What exactly is hard about it?

(Though I should note we should carefully study whether using CORS here is  
safe and sound. For instance, you may want to allow seamless embedding,  
but not share content.)

Anne van Kesteren

More information about the whatwg mailing list