[theora] <video/> and cross site scripting policy.

Chris Double chris.double at double.co.nz
Thu Nov 6 17:24:34 PST 2008

On Fri, Nov 7, 2008 at 2:21 PM, Silvia Pfeiffer
<silviapfeiffer1 at gmail.com> wrote:
> So does this mean that in the current situation, where no servers
> support the header, the <video/> element will be useless because it
> will not allow any video to be played?

If they host the video on the same domain as the page containing
<video> then it will play. If not, then they'll have to somehow get
their server to send the header. This is relatively easy using apache
and .htaccess assuming the person has control over the server. Of
course, there is the potential of error and them opening up their
entire site to cross domain acess.


More information about the theora mailing list