The header is used to allow cross domain requests in IE through iframes. I’ve tested adding this, and my code executes as expected now in IE.
What possible harm could come from adding this header?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
The header is used to allow cross domain requests in IE through iframes. I’ve tested adding this, and my code executes as expected now in IE.
What possible harm could come from adding this header?
It depends… Do you trust everyone you frame? Do you trust everyone that are framing you? Do you know that I don’t frame you, and then alter the content of you page?
There is a proper HTML5 solution for this: postMessage (se e.g. http://html5demos.com/postmessage2). This lets you set up trust relationships etc.
jQuery even has a wrapper plugin that encapsulates this, and uses an #anchor trick if the browser does not support the HTML5 postMessage:
http://benalman.com/projects/jquery-postmessage-plugin/
http://plugins.jquery.com/plugin-tags/postmessage
Be security aware, don’t turn off browser-enabled security features… 🙂