In my opinion, we should not be supporting X-* headers any more than absolutely necessary, so phasing out X-Frame-Options in preference of From-Origin would be the correct way to go. I'm aware this does mean a cross-over period where servers are likely to have to provide both headers, and it might be worth specifying what is expected if both are present and conflict (use From-Origin in preference to X-Frame-Options, perhaps).
Ross On 22/07/2011 16:08, "Anne van Kesteren" <ann...@opera.com> wrote: >Hi, > >The WebApps WG published the From-Origin header proposal as FPWD: > > http://www.w3.org/TR/from-origin/ > >The main open issue is whether X-Frame-Options should be replaced by this > >header or should absorb its functionality somehow. > >Cheers, > > >-- >Anne van Kesteren >http://annevankesteren.nl/ >
