W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2010

Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call]

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 07 Apr 2010 16:22:04 +0200
To: "Arthur Barstow" <art.barstow@nokia.com>
Cc: public-webapps <public-webapps@w3.org>, "Tyler Close" <tyler.close@gmail.com>
Message-ID: <op.vasp62pg64w2qv@annevk-t60>
On Wed, 07 Apr 2010 16:06:55 +0200, Arthur Barstow <art.barstow@nokia.com>  
wrote:
> What is the status and plan to get CORS ready for Last Call?

I've mostly been waiting to see what happens with UMP. What I've heard so  
far from various implementors is that they want to keep CORS and add the  
ability to XMLHttpRequest for credential-less requests via the  
constructor. But I might be missing something.


> I see the following related "Raised" Issues:
>
>   Reduce the length of the header names?
>   http://www.w3.org/2008/webapps/track/issues/89

This is not possible I think. SPDY or some such should be of help here.  
Anyway, it is still open because mnot wanted some kind of official WG  
decision.


>   Exposing more (~infinite) response headers
>   http://www.w3.org/2008/webapps/track/issues/90

I've been trying to find out which solution implementors prefer, but  
without much luck so far.


>   confused deputy problem
>   http://www.w3.org/2008/webapps/track/issues/108

We discussed this to death.


>   CORS does not define the effect of the credentials flag in sufficient  
> detail
>   http://www.w3.org/2008/webapps/track/issues/114

I defined this.


> And the latest ED includes 3 "red block" Issues.

They all indicate the need for other specifications to move forward. URL,  
HTTP, and whatever specification ends up defining origin. I.e. editorial  
and should in theory not block progress.


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Wednesday, 7 April 2010 14:23:04 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:38 GMT