I recommend reading the relevant Internet-Draft:
http://tools.ietf.org/html/draft-gondrom-frame-options-01
The draft formalizeds X-Frame-Options as Frame-Options. The issue is on the
side of the headers' technical design.
Regards,
--
Thomas Roessler, W3C <[email protected]> (@roessler)
On Jul 22, 2011, at 17:52 , J Ross Nicoll wrote:
> In my opinion, we should not be supporting X-* headers any more than
> absolutely necessary, so phasing out X-Frame-Options in preference of
> From-Origin would be the correct way to go. I'm aware this does mean a
> cross-over period where servers are likely to have to provide both
> headers, and it might be worth specifying what is expected if both are
> present and conflict (use From-Origin in preference to X-Frame-Options,
> perhaps).
>
> Ross
>
> On 22/07/2011 16:08, "Anne van Kesteren" <[email protected]> wrote:
>
>> Hi,
>>
>> The WebApps WG published the From-Origin header proposal as FPWD:
>>
>> http://www.w3.org/TR/from-origin/
>>
>> The main open issue is whether X-Frame-Options should be replaced by this
>>
>> header or should absorb its functionality somehow.
>>
>> Cheers,
>>
>>
>> --
>> Anne van Kesteren
>> http://annevankesteren.nl/
>>
>
>
>
>
