3/31/2024 0 Comments Tumblr iframe html codeThe value of the attribute can either be empty to apply all restrictions, or space-separated tokens to lift particular restrictions: allow-downloadsĪllows downloading files through an or element with the download attribute, as well as through the navigation that leads to a download of a file. sandboxĬontrols the restrictions applied to the content embedded in the. This value is unsafe, because it leaks origins and paths from TLS-protected resources to insecure origins. The referrer will include the origin and the path (but not the fragment, password, or username). Send a full URL when performing a same-origin request, only send the origin when the protocol security level stays the same (HTTPS→HTTPS), and send no header to a less secure destination (HTTPS→HTTP). strict-origin-when-cross-origin (default) Only send the origin of the document as the referrer when the protocol security level stays the same (HTTPS→HTTPS), but don't send it to a less secure destination (HTTPS→HTTP). same-originĪ referrer will be sent for same origin, but cross-origin requests will contain no referrer information. Navigations on the same origin will still include the path. The referrer sent to other origins will be limited to the scheme, the host, and the port. The sent referrer will be limited to the origin of the referring page: its scheme, host, and port. The Referer header will not be sent to origins without TLS ( HTTPS). Indicates which referrer to send when fetching the frame's resource: no-referrer This can be used in the target attribute of the, , or elements the formtarget attribute of the or elements or the windowName parameter in the window.open() method. Note: Loading is only deferred when JavaScript is enabled.Ī targetable name for the embedded browsing context. This improves the performance and cost in most typical use cases, in particular by reducing initial page load times. The intent is to avoid using the network and storage bandwidth required to fetch the frame until the browser is reasonably certain that it will be needed. lazyĭefer loading of the iframe until it reaches a calculated distance from the visual viewport, as defined by the browser. Load the iframe immediately on page load (this is the default value). Indicates when the browser should load the iframe: eager csp ExperimentalĪ Content Security Policy enforced for the embedded resource. See IFrame credentialless for more details. In return, the Cross-Origin-Embedder-Policy (COEP) embedding rules can be lifted, so documents with COEP set can embed third-party documents that do not. It uses a new context local to the top-level document lifetime. It doesn't have access to the network, cookies, and storage data associated with its origin. Set to true to make the credentialless, meaning that its content will be loaded in a new, ephemeral context. See Using the Topics API for more details. browsingtopics Experimental Non-standardĪ boolean attribute that, if present, specifies that the selected topics for the current user should be sent with the request for the 's source. Note: This attribute is considered a legacy attribute and redefined as allow="payment". Allowing cross-origin use of images and canvas.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |