[whatwg] Iframe dimensions

Tab Atkins Jr. jackalmage at gmail.com
Tue Nov 16 09:56:41 PST 2010

On Tue, Nov 16, 2010 at 12:02 AM, Markus Ernst <derernst at gmx.ch> wrote:
> From my humble author's POV, CORS is easy enough for tasks like the one I
> mentioned, if:
> - it is applicable at the server side with common scripting languages such
> as PHP

It is, very easily.  For pages that are already server-side scripts,
it's typically just one or two extra lines of code in the script, to
set the appropriate headers to be sent with the page.

For non-script pages, like videos, you can either pipe them through an
easy script that appends the headers, or use .htaccess (or similar for
your particular server technology) to add the headers automatically.

> - it is applicable at the client side without scripting

This is not possible, for the simple reason that the whole point of
CORS is to protect server resources.  If you could deal with CORS
purely on the client side, you'd be allowing the page author to
determine if they themself are allowed to access a file on another
server.  That's a pretty obvious inversion of responsibility.  ^_^


More information about the whatwg mailing list