[whatwg] Iframe dimensions
Ian Hickson
ian at hixie.ch
Mon Nov 15 15:32:35 PST 2010
On Wed, 11 Aug 2010, Markus Ernst wrote:
> Am 11.08.2010 00:24 schrieb Ian Hickson:
> > On Mon, 5 Jul 2010, Markus Ernst wrote:
> [...]
> > > Example: http://test.rapid.ch/de/haendler-schweiz/iseki.html (This is
> > > under construction.) As a workaround to the height problem, I applied a
> > > script that adjusts the iframe height to the available height in the
> > > browser window. But of course the user experience would be more consistent
> > > if the page could behave like a single page, with only one scrollbar at
> > > the right of the browser window.
> >
> > If you control both pages and can't use seamless, you can use postMessage()
> > to negotiate a size. On the long term, I expect we'll make seamless work
> > with CORS somehow. I'm waiting until we properly understand how CORS is used
> > in the wild before adding it all over the place in HTML.
>
> A solution at authoring level for cases where the author controls both
> pages would be quite helpful. I think of a meta element in the embedded
> document that specifies one or more domains that are allowed to embed it
> seamlessly in an iframe, such as e.g.: <meta
> name="allow-seamless-embedding" name="domain.tld, otherdomain.tld">
>
> I think that this would be ok from a security POV, and much easier than
> using CORS.
On Wed, 11 Aug 2010, Adam Barth wrote:
>
> That feels like re-inventing CORS. Maybe we should make CORS easier to
> use instead?
On Wed, 11 Aug 2010, Anne van Kesteren wrote:
>
> What exactly is hard about it?
>
> (Though I should note we should carefully study whether using CORS here
> is safe and sound. For instance, you may want to allow seamless
> embedding, but not share content.)
I'd like to echo Anne's comments. If CORS is hard, then we should change
that; if it's not, then we should use it (once we know it's solid).
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list