On Thu, 12 Apr 2012 21:30:00 +0200, Ojan Vafai <[email protected]> wrote:
We should add a crossorigin property on iframe that causes the request to
use CORS. If it's an allowed cross-domain request, then the page should
have access to the DOM of the frame.
Also, seamless should work (assuming the CORS request succeeded of
course). One tricky thing here is that seamless needs to stop working if
the frame is navigated to a different origin to which it does not have
CORS access.
This cannot work. CORS only works for sharing a single resource. If you
expose a DOM on a different origin that *entire* origin would be exposed,
which would be way more than CORS allows for. You'll have to use a
postMessage()-based workaround I'm afraid.
--
Anne van Kesteren
http://annevankesteren.nl/
