W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2009

Soliciting reviews for Cross-Origin Resource Sharing

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 6 Apr 2009 19:34:30 +1000
Message-Id: <39352C55-433F-4FCB-BF3C-C1EE5DD43571@mnot.net>
To: HTTP Working Group <ietf-http-wg@w3.org>
Members of the WebApps WG in the W3C have brought Cross-Origin  
Resource Sharing (CORS) to my attention, and asked for review/input  
from IETF folks.

http://www.w3.org/TR/2009/WD-cors-20090317/

> This document defines a mechanism to enable client-side cross-origin  
> requests. Specifications that want to enable cross-origin requests  
> in an API they define can use the algorithms defined by this  
> specification. If such an API is used on http://example.org  
> resources, a resource on http://hello-world.example can opt in using  
> the mechanism described by this specification (e.g., specifying  
> Access-Control-Allow-Origin: http://example.org as response header),  
> which would allow that resource to be fetched cross-origin from http://example.org 
> .


For those who have seen this work before, it has apparently changed  
significantly in its lifetime, so it's probably worth another look.

The document's status section contains information about how to  
provide feedback to them. While this WG doesn't have a mechanism to  
provide a forma review of the document, it may be worth briefly  
discussing its HTTP-specific aspects here.

Cheers,

--
Mark Nottingham     http://www.mnot.net/
Received on Monday, 6 April 2009 09:35:08 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:02 GMT