[Building Sakai] Discussion how to handle X-Frame in the New IFrame tool (SAK-21624)
Matthew Jones
matthew at longsight.com
Wed Feb 6 21:38:32 PST 2013
It looks like you can set an onload on the iframe and see if it worked or
not from javascript.
http://javascript.info/tutorial/same-origin-security-policy
In modern browsers you can do this dynamically, but for older versions of
IE it seems like it has to be inline.
http://stackoverflow.com/questions/4334520/load-event-for-iframe-not-fired-in-ie
It would maybe either have to try to load the page in a hidden iframe or
try to load the page and switch to popup if it fails? This seems like it
might be better than having the server check the URLs, though if the server
checked it could scan for all the images on the page and make a nice
preview image for the popup link like Facebook does. ;)
On Thu, Feb 7, 2013 at 12:24 AM, Charles Severance <csev at umich.edu> wrote:
> As I prepare to move the new portlet-based iframe tool back to the trunk,
> it is time to think about how to handle X-frame support.
>
> Clearly the idea is that Sakai will check the to-be launched URL destined
> for an iframe, and if it is somewhere other than the current server, do a
> HEAD request to the URL, wait about a second, and then based on the X-Frame
> setting, either put it in an iframe or force a pop-up. Of course if the
> user indicated "pop-up" - then there is no need to check.
>
> So - should this be done each time a user selects the tool? Or should
> this be done once each time the URL is changed and stored in a property?
> Do we expect this value to change form launch to launch?
>
> How long should we wait for a timeout as a default? If we wait 5 seconds,
> it might make the page seem really slow. We *could* do this via Ajax - it
> would be tricky - I would prefer to do it server-to-server for maximum
> quickness.
>
> Should I do the same for Basic LTI? How should I do it? Of course that
> is a bit weird because BLTI is started vis POST and not a GET and many of
> the launch URLs return an error message if the secret does not match. LTI
> is trickier....
>
> Thoughts/comments?
>
> /Chuck
>
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20130207/709f1e1a/attachment.html
More information about the sakai-dev
mailing list