Should Chrome start supporting the `ALLOW-FROM` value for `X-Frame-Options`?
My impression from discussions was that the privacy invasion was the stated _point_ of ancestorOrigins.
the point of the API is to say: I think my parent is X, but I want to make sure.
OK. So the "assert" version would be "if my parent is not X, just unload me" or something?
@cramforce wants to control the way pages are embedded. You'd preventing pages from learning about their cross-origin ancestors.
Both goals seem reasonable. If there's a better shape for the API that fits the problem better, I'm all ears. :)