Should Chrome start supporting the `ALLOW-FROM` value for `X-Frame-Options`?
: That is, A -> B -> A is "sameorigin", though B might be malicious.
@cramforce @annevk -
Right, for that checking parent against a whitelist would be enough, as long as you do it in all A pages.
: I'm not thrilled with `X-Frame-Options` precisely because it only checks the top-level document's origin.