[whatwg] Cross-origin opt-in for seamless iframes [was: Iframe dimensions]

Anne van Kesteren annevk at opera.com
Wed Jul 7 07:50:01 PDT 2010


On Wed, 07 Jul 2010 16:36:30 +0200, Markus Ernst <derernst at gmx.ch> wrote:
> I tried to read about CORS, but did not understand the whole of it. Can  
> CORS be set up via server-side scripting, with PHP or whatever? Then it  
> will be an acceptable solution, and sooner or later libraries will be  
> available for both the server and the client side.
>
> If CORS must be set up by the server administrator, it will be a problem  
> in shared hosting environments.
>
> Anyway, for something that looks as easy as allowing an iframe to  
> seamlessly integrate a document, the overhead of server-side setup and  
> client-side scripting looks huge to me, and it also has the downside of  
> being dependent on Javascript.

Dependent on JavaScript? Adding a header to a resource is not a huge  
overhead. (As an aside, even in shared hosting environments you can  
usually have complete control over what goes out. It's just more  
complicated. But it does not become less complicated if you have your own  
hosting environment either...)

But this discussion is premature. We should first have a couple of  
implementations of seamless before we make things more complicated.


-- 
Anne van Kesteren
http://annevankesteren.nl/



More information about the whatwg mailing list