[whatwg] Iframe dimensions
Boris Zbarsky
bzbarsky at MIT.EDU
Tue Nov 16 10:06:22 PST 2010
On 11/16/10 12:56 PM, Tab Atkins Jr. wrote:
>> - it is applicable at the client side without scripting
>
> This is not possible, for the simple reason that the whole point of
> CORS is to protect server resources. If you could deal with CORS
> purely on the client side, you'd be allowing the page author to
> determine if they themself are allowed to access a file on another
> server. That's a pretty obvious inversion of responsibility. ^_^
Well, more precisely there is nothing that needs to be done on the
client side for CORS, right?
-Boris
More information about the whatwg
mailing list