[Building Sakai] Discussion how to handle X-Frame in the New IFrame tool (SAK-21624)
Charles Severance
csev at umich.edu
Wed Feb 6 21:24:16 PST 2013
As I prepare to move the new portlet-based iframe tool back to the trunk, it is time to think about how to handle X-frame support.
Clearly the idea is that Sakai will check the to-be launched URL destined for an iframe, and if it is somewhere other than the current server, do a HEAD request to the URL, wait about a second, and then based on the X-Frame setting, either put it in an iframe or force a pop-up. Of course if the user indicated "pop-up" - then there is no need to check.
So - should this be done each time a user selects the tool? Or should this be done once each time the URL is changed and stored in a property? Do we expect this value to change form launch to launch?
How long should we wait for a timeout as a default? If we wait 5 seconds, it might make the page seem really slow. We *could* do this via Ajax - it would be tricky - I would prefer to do it server-to-server for maximum quickness.
Should I do the same for Basic LTI? How should I do it? Of course that is a bit weird because BLTI is started vis POST and not a GET and many of the launch URLs return an error message if the secret does not match. LTI is trickier....
Thoughts/comments?
/Chuck
More information about the sakai-dev
mailing list