[Building Sakai] Web Content and X-Frame-Options
csev
csev at umich.edu
Thu Dec 29 13:30:18 PST 2011
Sam,
I think that the right approach is to switch to a JSR-168 version of the content tool. This solves several problems:
(a) Allows a real pop-up (i.e. not a popup of a window that has a frame within a frame)
(b) Eliminates a frame when the content is rendered directly.
I have been thinking about it for a while - here
https://jira.sakaiproject.org/browse/SAK-12563
There is actually working code sitting in trunk - I use a JSR-168 iframe tool to support the "Put a LTI tool in the Left tool bar". It is pretty well developed. But to move to becoming a complete replacement for the web content tool requires a lot of testing of all the really arcane use cases. I was not about to take on all the use cases as I don't even know.
If it could be detected - it would be great to automatically switch to a popup.
I think proxy won't work.
/Chuck
On Dec 29, 2011, at 2:37 PM, Sam Ottenhoff wrote:
> It looks like more and more top sites are starting to use the HTTP header X-Frame-Options set to SAMEORIGIN.
>
> The effect on Sakai is that our Web Content tool iframes external content and this header will prevent the content from loading. Try adding a Web Content tool from www.google.com, www.youtube.com, or twitter.com. In a recent browser like Firefox 8, the iframe will not render.
>
> What are the preferred solutions?
>
> 1) Change Web Content into a proxy instead of a pure iframe?
>
> 2) Detect this header and tell the user it's impossible?
>
> 3) New option in Web Content to grant a full window to a Web Content tool instead of an iframe?
>
> --Sam
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20111229/c9e1ff4b/attachment.html
More information about the sakai-dev
mailing list