From the explainer, the defense against malicious sites embedding an opted-in frame is mitigated by `X-Frame-Options`, but I suspect it's `Content-Security-Policy: frame-ancestors` that's needed here for cross-origin allowed embeds. Is that right?
Also the explainer mentions that possibly there's ideas to change the meta tag itself:

> Additional restrictions could be put in place through contents of the <meta> tag that would restrict to only explicitly allowed origins.

Out of curiosity, is this being pursued in future work or is CSP deemed enough?

Thanks!
Vlad

On Mon, May 18, 2026 at 2:40 PM Alex Russell <slightly...@chromium.org> wrote:

> In case nobody else says it, this is an *incredible* addition to the platform. Thank you so much for making it happen.
>
> LGTM1, pending resolution to the spec PRs.
>
> On Sunday, May 17, 2026 at 6:40:23 PM UTC-7 Mike Taylor wrote:
>
>> On 5/14/26 5:43 a.m., Koji Ishii wrote:
>>
>> *Contact emails*
>> chris...@chromium.org, ko...@chromium.org, ikilpatr...@chromium.org
>>
>> *Explainer*
>> https://github.com/w3c/csswg-drafts/blob/main/css-sizing-4/responsive-iframes-explainer.md
>>
>> *Specification*
>> https://drafts.csswg.org/css-sizing-4/#responsive-iframes
>>
>> I see there's also an open PR to define the meta element
>> https://github.com/whatwg/html/pull/12444
>>
>> *Summary*
>> Allow sites to opt into iframes having responsive sizing (sizing the <iframe> element in the parent document to the iframe document's layout overflow sizing, so that scrolling in the child document is avoided).
>>
>> *Blink component*
>> Blink>Layout <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3ELayout%22>
>>
>> *Web Feature ID*
>> Missing feature
>>
>> *Motivation*
>> This is a natural feature to have for iframes, when the site wants to render the iframe content so that it looks seamless with the parent frame and avoids scrollbars.
>>
>> *Initial public proposal*
>> https://github.com/whatwg/html/issues/555
>>
>> *TAG review*
>> https://github.com/w3ctag/design-reviews/issues/1223
>>
>> *TAG review status*
>> Pending
>>
>> *Goals for experimentation*
>> None
>>
>> *Risks*
>>
>> *Interoperability and Compatibility*
>> *No information provided*
>>
>> *Gecko*: No signal (https://github.com/mozilla/standards-positions/issues/1394)
>>
>> *WebKit*: No signal (https://github.com/WebKit/standards-positions/issues/653)
>>
>> *Web developers*: No signals
>> Plenty of developer demand is expressed in the feature request standards issues:
>> https://github.com/whatwg/html/issues/555
>> https://github.com/w3c/csswg-drafts/issues/1771
>> https://github.com/w3c/csswg-drafts/blob/main/css-sizing-4/responsive-iframes-explainer.md#use-cases
>>
>> *Other signals*:
>>
>> *WebView application risks*
>>
>> Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
>> *No information provided*
>>
>> *Debuggability*
>> *No information provided*
>>
>> *Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?*
>> Yes
>>
>> *Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?*
>> Yes
>> https://wpt.fyi/results/css/css-sizing/responsive-iframe?label=experimental&label=master&aligned
>>
>> *Flag name on about://flags*
>> responsive-iframes
>>
>> *Finch feature name*
>> ResponsiveIframes
>>
>> *Rollout plan*
>> Will ship enabled for all users
>>
>> *Requires code in //chrome?*
>> False
>>
>> *Tracking bug*
>> https://issues.chromium.org/issues/418397278
>>
>> *Estimated milestones*
>> Shipping on desktop 150
>> Shipping on Android 150
>> Shipping on WebView 150
>>
>> *Anticipated spec changes*
>>
>> Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way).
>> https://github.com/w3c/csswg-drafts/issues/13589 - cross-origin case left a possibility of change: "RESOLVED: Check with security folks whether cross-origin case leaking info is an issue that needs mitigation"
>>
>> *Link to entry on the Chrome Platform Status*
>> https://chromestatus.com/feature/5108373464547328?gate=5102892096421888
>>
>> *Links to previous Intent discussions*
>> Intent to Prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/682bb3fa.2b0a0220.146035.00b7.GAE%40google.com
>>
>> This intent message was generated by Chrome Platform Status <https://chromestatus.com/>.
>>
>> --
>> You received this message because you are subscribed to the Google Groups "blink-dev" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org.
>> To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHe_1dKm%3DLFTKhRKHV9m4fJsqYnw6M0YwGP63DNg%3DkUcv%2BAeQQ%40mail.gmail.com
