2011/1/8 Jérémie Roquet <[email protected]>: > Both of them use a trick with an iframe to allow javascript requests > across the wikipedia.org subdomains (something that is not possible > using AJAX).
It would be possible if we started using CORS, at least in recent enough browsers. > - Does anybody know if having X-Frame-Options set to SAMEORIGIN would > allow such tricks while still preventing clickjacking attacks from > other domains (the actual question is: `would it work'?) en.wikipedia.org is not the same origin as fr.wikipedia.org. > Any other idea on how to make such tools work again would of course be > highly appreciated. I'm not very knowledgeable in this sort of thing, I'm afraid. HTML5's postMessage() might be useful. _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
