If you can see my Google Talk Badge on the right, either you’re browsing with anything else than IE8/Chrome/Safari/Firefox+NoScript, or the issue we’re talking about has already been fixed by Google. Edit 7 Dec 2009: the issue has been fixed, so I’ve removed my badge to prevent a spam flood.
Otherwise, you’re getting an error page (hard to read, since it’s embedded in a tiny frame) — or a blank one if you’re on Chrome — because Google is sending down a X-Frame-Options HTTP header with value
Now, Google playing the early adopter of bleeding edge security technologies like
On a side note, users can easily disable NoScript’s implementation of
posting ini saya ambil dari :
http://hackademix.net/2009/12/02/google-talk-badges-vs-x-frame-options/
asli tanpa perubahan dan terjemahan.
Otherwise, you’re getting an error page (hard to read, since it’s embedded in a tiny frame) — or a blank one if you’re on Chrome — because Google is sending down a X-Frame-Options HTTP header with value
SAMEORIGIN
, allowing only pages served from www.google.com to embed this badge.Now, Google playing the early adopter of bleeding edge security technologies like
X-Frame-Options
or STS, both in its browser and in its web properties, is really great because it speeds up their acceptance hugely, making the whole web safer. But if the service you’re offering is based on cross-site frames, you’d better keep them enabled ;-)On a side note, users can easily disable NoScript’s implementation of
X-Frame-Options
, if needed, via about:config preferences: either globally (noscript.frameOptions.enabled) or per-embedding-site (noscript.frameOptions.parentWhitelist). Don’t worry, ClearClick will still be watching your back…posting ini saya ambil dari :
http://hackademix.net/2009/12/02/google-talk-badges-vs-x-frame-options/
asli tanpa perubahan dan terjemahan.
Post a Comment
Write You comment here! Please...