[whatwg] AllowSeamless

Markus Ernst derernst at gmx.ch
Sun May 27 05:23:19 PDT 2012 

Am 27.05.2012 12:19 schrieb Adam Barth:
> On Sun, May 27, 2012 at 3:00 AM, Markus Ernst<derernst at gmx.ch>  wrote:
>> Am 27.05.2012 02:16 schrieb Adam Barth:
>>> I've added a proposal to the wiki
>>> <http://wiki.whatwg.org/wiki/AllowSeamless>    about letting a document
>>> indicate that it is willing to be displayed seamlessly with a
>>> cross-origin parent.  This proposal is a refinement of the approach
>>> previously discussed in this thread:
>>> <http://old.nabble.com/crossorigin-property-on-iframe-td33677754.html>.
>>>
>>> Let me know if you have any feedback.
>>
>> I have a strong feeling that per-origin control should be made easy for
>> authors. I must admit that I am not familiar with the mechanisms you name,
>> Frame-Options and ancestor-origins - and both are quite hard to google for.
>>  From what I found I assume both are about HTTP headers.
>>
>> If they are solutions that can be used easily with server-side languages
>> such as PHP, I think we can live with it. But anyway it is a complication;
>> I'd personnally prefer something like
>> allowseemles="example.org, *.example.org, shop.otherdomain.com"
>>
>> Or maybe space separated, and separate inherit-style with comma:
>> allowseemles="example.org *.example.org shop.otherdomain.com, inherit-style"
>>
>> (Regardless of whether it is in the HTML element or in a META element.)
>
> I had difficulty coming up with use cases that weren't better served
> with frame-ancestors and/or Frame-Options.  Do you have a specific use
> case in mind to explain your feelings?

My use case is a content provider, who provides e.g. a Sudoku 
application or a weather forecast for wind surfers. Paying customers are 
allowed to embed the content seamlessly in their web sites. The content 
can also be embedded for free, but not seamlessly.

The content provider includes some corporate info, such as his/her own 
logo, and a "provided by XY" notice and link to his/her own page. The 
paying customers then can apply their own styling, and set the corporate 
info to "display:none" in the style sheet of the top document, via 
seamless embedding.

More information about the whatwg mailing list