[whatwg] Iframe dimensions
Tab Atkins Jr.
jackalmage at gmail.com
Tue Nov 16 10:12:25 PST 2010
On Tue, Nov 16, 2010 at 10:06 AM, Boris Zbarsky <bzbarsky at mit.edu> wrote:
> On 11/16/10 12:56 PM, Tab Atkins Jr. wrote:
>>> - it is applicable at the client side without scripting
>>
>> This is not possible, for the simple reason that the whole point of
>> CORS is to protect server resources. If you could deal with CORS
>> purely on the client side, you'd be allowing the page author to
>> determine if they themself are allowed to access a file on another
>> server. That's a pretty obvious inversion of responsibility. ^_^
>
> Well, more precisely there is nothing that needs to be done on the client
> side for CORS, right?
Ah, if that's what Markus was getting at, then yes. CORS requires
*zero* work on the client side, since it's completely done in the
server-browser interaction. The entirety of the client's interaction
in the process is the initial request for a resource.
~TJ
More information about the whatwg
mailing list