[whatwg] Iframe dimensions

Boris Zbarsky bzbarsky at MIT.EDU
Tue Nov 16 10:06:22 PST 2010


On 11/16/10 12:56 PM, Tab Atkins Jr. wrote:
>> - it is applicable at the client side without scripting
>
> This is not possible, for the simple reason that the whole point of
> CORS is to protect server resources.  If you could deal with CORS
> purely on the client side, you'd be allowing the page author to
> determine if they themself are allowed to access a file on another
> server.  That's a pretty obvious inversion of responsibility.  ^_^

Well, more precisely there is nothing that needs to be done on the 
client side for CORS, right?

-Boris



More information about the whatwg mailing list