Update on the URL Bit in IMS Basic LTI
csev
launch_presentation_css_url=http://www.toolconsumer.url/path/to/lti.css
There are no rules or pre-defined classes but the consumer can do things like style the body, forms, paragraphs, etc.
Scott Wilson
/Chuck--
You received this message because you are subscribed to the Google Groups "IMS Developer Mailing List" group.
To post to this group, send email to ims...@googlegroups.com.
To unsubscribe from this group, send email to ims-dev+u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/ims-dev?hl=en.
csev
There are no rules or pre-defined classes but the consumer can do things like style the body, forms, paragraphs, etc.Wouldn't that fall foul of the SOP?
Scott Wilson
csev
/Chuck
Scott Wilson
On 1 Jun 2010, at 19:54, csev wrote:
> Scott, most of my testing to date is that browsers *completely* ignore Same Origin Policy when dealing with CSS. Have I missed something?
No, I just got the same results when I tried it. I assumed this had been closed up after the eBay attack last year that used external CSS, but it appears not.
Seems there is some debate in the Mozilla community about whether to block cross-origin CSS loading. The YUI documentation also seems to assume that external CSS links are subject to SOP.
May have to dig a little deeper on this one.
>
> /Chuck
>
> On Jun 1, 2010, at 11:31 AM, Scott Wilson wrote:
>
>> Same Origin Policy.
>>
>> You can't link to a CSS resource from a different origin than the host document, so this parameter can't be used without either a server-side proxy or CORS headers.
>