[whatwg] Proposal: location.parentOrigin
Adam Barth
w3c at adambarth.com
Tue Apr 3 16:48:46 PDT 2012
On Tue, Apr 3, 2012 at 4:32 PM, Ian Hickson <ian at hixie.ch> wrote:
> On Tue, 3 Apr 2012, Adam Barth wrote:
>> Talking with some folks off-list, there are also use cases for knowing
>> the origin of the top-most document.
>
> Could you elaborate on those use cases? (And also those for parent.origin,
> though those seem more obvious, e.g. disabling features to protect against
> clickjacking in unauthorised embeddings.)

The use case is the same as in the previous email, specifically:

---8<---
Some widgets want to behave differently depending on the context in
which they are embedded. For example, a payment widget might want to
send the user to a confirmation page for most web sites but might be
comfortable with a more streamlined user experience when embedded on a
whitelist of sites with which they have a contractual relationship.
--->8---

The payment widget might care about all of its ancestors. For
example, suppose the payment operator has a relationship with
store.example.com. They might wish to fall back to using a
confirmation page if store.example.com is embedded as a frame in
another web site (e.g., Pinterest).

Adam
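
The ancestor check described in the message above, as an added example that is not part of the original post or of any proposal text. It assumes the browser hands the widget a list of ancestor origins (for instance via location.ancestorOrigins where available, rather than the location.parentOrigin proposed in this thread); the function names, the allowlist and the sample origins are hypothetical.

```javascript
// Added example: names and allowlist entries are hypothetical.
// Origins with which the payment operator has a contractual relationship.
const TRUSTED_ORIGINS = new Set(["https://store.example.com"]);

// Return the value unchanged if it is exactly a serialized origin, else null.
// Rejects the opaque origin "null", strings with a path, and unparsable input.
function canonicalOrigin(value) {
  try {
    const url = new URL(value);
    return url.origin === value ? url.origin : null;
  } catch (err) {
    return null;
  }
}

// ancestors: array-like of origin strings, one entry per ancestor frame.
// "streamlined" is returned only when the widget is framed and EVERY ancestor
// is on the allowlist; every other case falls back to the confirmation page.
function chooseFlow(ancestors, trusted = TRUSTED_ORIGINS) {
  if (ancestors == null) return "confirm"; // API unavailable: fail closed
  const chain = Array.from(ancestors);
  // Assumption: a widget that is not embedded at all uses the default flow.
  if (chain.length === 0) return "confirm";
  for (const entry of chain) {
    const origin = canonicalOrigin(entry);
    // Exact set membership, never substring or suffix matching, so that
    // "https://store.example.com.evil.test" does not pass as the store.
    if (origin === null || !trusted.has(origin)) return "confirm";
  }
  return "streamlined";
}

// Browser glue (assumes location.ancestorOrigins exists; null otherwise).
function currentAncestors() {
  if (typeof location === "undefined" || !location.ancestorOrigins) return null;
  return Array.from(location.ancestorOrigins);
}

// Constructed sample chains:
// store embeds widget directly            -> "streamlined"
// store embeds widget, store itself framed -> "confirm"
const direct = chooseFlow(["https://store.example.com"]);
const nested = chooseFlow(["https://store.example.com", "https://aggregator.example"]);
```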