[whatwg] Iframe dimensions

Anne van Kesteren annevk at opera.com
Wed Aug 11 10:39:19 PDT 2010


On Wed, 11 Aug 2010 19:03:28 +0200, Adam Barth <w3c at adambarth.com> wrote:
> On Wed, Aug 11, 2010 at 8:05 AM, Markus Ernst <derernst at gmx.ch> wrote:
>> A solution at authoring level for cases where the author controls both  
>> pages
>> would be quite helpful. I think of a meta element in the embedded  
>> document
>> that specifies one or more domains that are allowed to embed it  
>> seamlessly
>> in an iframe, such as e.g.:
>> <meta name="allow-seamless-embedding" name="domain.tld,  
>> otherdomain.tld">
>>
>> I think that this would be ok from a security POV, and much easier than
>> using CORS.
>
> That feels like re-inventing CORS.  Maybe we should make CORS easier
> to use instead?

What exactly is hard about it?


(Though I should note we should carefully study whether using CORS here is  
safe and sound. For instance, you may want to allow seamless embedding,  
but not share content.)


-- 
Anne van Kesteren
http://annevankesteren.nl/



More information about the whatwg mailing list