[whatwg] crossorigin property on iframe
Anne van Kesteren
annevk at opera.com
Thu Apr 12 13:35:38 PDT 2012
On Thu, 12 Apr 2012 22:17:50 +0200, Ojan Vafai <ojan at chromium.org> wrote:
> OK, I'm convinced that direct DOM access is a bad idea. seamless was the
> use-case I most cared about anyways. In theory, if we use seamless + CORS
> for the @src load and any navigations of the frame (including via
> Location), then this should be feasible, yes?
>
> Alternately, we could add a special http header and/or meta tag for this,
> like x-frame-options, but for the child frame to define it's relationship
> to the parent frame.
The problem with CORS might be that if you want to expose content for
embedding with seamless that depends on credentials, XMLHttpRequest can
request that information then too. As a developer trying to make seamless
work cross-origin you might not anticipate that.
On the other hand, the enormous growing number of one-off flags developers
can attach to resources for various features is starting to get worrisome.
--
Anne van Kesteren
http://annevankesteren.nl/
More information about the whatwg
mailing list