Skip to main content

Google Talk Badges vs X-Frame-Options

If you can see my Google Talk Badge on the right, either you’re browsing with anything else than IE8/Chrome/Safari/Firefox+NoScript, or the issue we’re talking about has already been fixed by Google. Edit 7 Dec 2009: the issue has been fixed, so I’ve removed my badge to prevent a spam flood.

Otherwise, you’re getting an error page (hard to read, since it’s embedded in a tiny frame) — or a blank one if you’re on Chrome — because Google is sending down a X-Frame-Options HTTP header with value SAMEORIGIN, allowing only pages served from www.google.com to embed this badge.

Now, Google playing the early adopter of bleeding edge security technologies like X-Frame-Options or STS, both in its browser and in its web properties, is really great because it speeds up their acceptance hugely, making the whole web safer. But if the service you’re offering is based on cross-site frames, you’d better keep them enabled ;-)

On a side note, users can easily disable NoScript’s implementation of X-Frame-Options, if needed, via about:config preferences: either globally (noscript.frameOptions.enabled) or per-embedding-site (noscript.frameOptions.parentWhitelist). Don’t worry, ClearClick will still be watching your back…



posting ini saya ambil dari :

http://hackademix.net/2009/12/02/google-talk-badges-vs-x-frame-options/

asli tanpa perubahan dan terjemahan.

Comments

Popular posts from this blog

Kivandanu, Could one of our premium services help you?

http://srudut.com 2011/2/22 John Dalt < John@galtstock.com > You are receiving this message, because you have subscribed to the newslettera1 newsletter on Monday, January 17th, 2011. To ensure that you continue to receive emails from us, add John@galtstock.com to your address book promptly.         Galtstock       Research for Online Investors HOME       ARCHIVE     NEWS      RESOURCES       DIVERSIONS Monday Morning The market set a new 52-week high Friday...where does it end?  Today reports out of Libya don't sound promising.  Protesters have burned the General Assembly building.  BP is evacuating their personnel. Guddafi is reported to be heading to Venezuela. There were also reports yesterday of protests in China.  The police quickly arrested any suspicious actors.  Suffice it to say, this is not a market you can buy and forget.   There are plenty of moving pieces to keep track of...problems and opportuni

Download Qari/Reciters and Translations, Al-Quran ReadPen Data

  Al-Quran ReadPen Data Download Qori/Reciters and Translations   Qori/Reciter Files Sr. Qori/Reciter Name File Size Updates 01. Al Sheikh Ali Abdul Rahman Al Huzaifi 222 MB 17 Mar 2012 02. Al Sheikh Abdul Basit 'Abd us-Samad 387 MB 19 Mar 2012 03. Al Sheikh Mishary bin Rashid Al-Afasy 228 MB 13 Mar 2012 04. Al Sheikh Ahmad Ali Mohammad ‘al Soulayman Al Ajamy 212 MB 17 Mar 2012 05. Al Sheikh Salaah bin Muhammad Al Budair 164 MB 17 Mar 2012 06. Al Sheikh Mohammed Al-Alim Al-Dokhail 417 MB 07 Oct 2011 07. Al Sheikh Sa’ad Al-Ghamdi 201 MB 13 Mar 2012 08. Al Sheikh Mahmoud Khal