2009/6/9 Anne van Kesteren <[email protected]>: > On Tue, 09 Jun 2009 21:15:18 +0200, Tyler Close <[email protected]> wrote: >> Could you provide a code example that shows how to send an XHR request >> to the same Origin without credentials using the HTML5 <iframe> >> element? > > <iframe sandbox="allow-scripts" src="..."></iframe> > > where ... is some page that does an XMLHttpRequest to the a page that is same > origin with the page that contains the <iframe>. (The page being fetched will > have to specify Access-Control-Allow-Origin:* as the request is coming from a > unique origin by virtue of the sandbox attribute. The request will include an > Origin header but the value will always be null.) > > Also, if the document="" or some such attribute is introduced the code will > no longer have to be on a separate page.
You don't need document="", as long as all browsers implement data: URIs. > > -- > Anne van Kesteren > http://annevankesteren.nl/ > >
