Re: [whatwg] Making cross-origin iframe seamless= (partly) usable

2013-07-17 Thread Ian Hickson
On Mon, 3 Dec 2012, Mikko Rantalainen wrote: It seems to me like the best solution is to have a new HTTP header, with the four following values being allowed: Seamless-Options: allow-shrink-wrap Seamless-Options: allow-styling Seamless-Options: allow-shrink-wrap

Re: [whatwg] Making cross-origin iframe seamless= (partly) usable

2012-12-15 Thread Jonas Sicking
On Wed, Dec 5, 2012 at 8:54 AM, Ian Hickson i...@hixie.ch wrote: On Wed, 5 Dec 2012, Jonas Sicking wrote: It seems to me like the best solution is to have a new HTTP header, with the four following values being allowed: Seamless-Options: allow-shrink-wrap Seamless-Options:

Re: [whatwg] Making cross-origin iframe seamless= (partly) usable

2012-12-05 Thread Jonas Sicking
On Mon, Dec 3, 2012 at 9:57 AM, Adam Barth w...@adambarth.com wrote: On Fri, Nov 30, 2012 at 6:57 PM, Ian Hickson i...@hixie.ch wrote: On Sat, 26 May 2012, Adam Barth wrote: [CSP] CSP doesn't seem to include any features that would let you limit who is allowed to iframe you, so I don't

Re: [whatwg] Making cross-origin iframe seamless= (partly) usable

2012-12-05 Thread Markus Ernst
Am 05.12.2012 10:45 schrieb Jonas Sicking: I hear no end of people arguing that HTTP headers are too hard for people to use. Could we make these settable through meta elements as well as, or instead of, using headers. I am one of those authors with limited technical background. IMHO the

Re: [whatwg] Making cross-origin iframe seamless= (partly) usable

2012-12-05 Thread Ian Hickson
On Wed, 5 Dec 2012, Jonas Sicking wrote: It seems to me like the best solution is to have a new HTTP header, with the four following values being allowed: Seamless-Options: allow-shrink-wrap Seamless-Options: allow-styling Seamless-Options: allow-shrink-wrap allow-styling

Re: [whatwg] Making cross-origin iframe seamless= (partly) usable

2012-12-03 Thread Mikko Rantalainen
Ian Hickson, 2012-12-01 04:57 (Europe/Helsinki): ...and Adam Barth posted some on the wiki: Expandable Advertisement: A publisher wishes to display an advertisement that expands when the user interacts with the advertisement. Today, the common practice is for the advertising network to run

Re: [whatwg] Making cross-origin iframe seamless= (partly) usable

2012-12-03 Thread Adam Barth
On Fri, Nov 30, 2012 at 6:57 PM, Ian Hickson i...@hixie.ch wrote: On Sat, 26 May 2012, Adam Barth wrote: [CSP] CSP doesn't seem to include any features that would let you limit who is allowed to iframe you, so I don't think CSP as designed today provides a solution for the per-origin part.

[whatwg] Making cross-origin iframe seamless= (partly) usable

2012-11-30 Thread Ian Hickson
This thread discussed solutions for, amongst others, the following use cases, provided to me off-list by Steven Wittens: A first huge use case is Facebook Apps, which are inserted using iframes. They currently use ugly cross-frame communication methods to shrink-wrap and auto-size the