W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2010

Re: CORS & ISSUE-108

From: Tyler Close <tyler.close@gmail.com>
Date: Tue, 23 Nov 2010 15:05:02 -0800
Message-ID: <AANLkTikbD_GK41vE955n8ukRRx4NGfzDRmn4MS=QWyvo@mail.gmail.com>
To: Anne van Kesteren <annevk@opera.com>
Cc: WebApps WG <public-webapps@w3.org>
My recollection of the status of ISSUE-108 is that CORS was going to
provide functionality equivalent to that of UMP when the CORS
credentials flag is false. CORS was also also going to expand its
Security Considerations section to explain the Confused Deputy issues,
possibly by borrowing text from UMP. Are you saying that work has been
completed or it will not be undertaken? The current editor's draft of
CORS does mention a credentials flag, but I haven't found much detail
on it. For example, what effect does it have on use of the browser's
request cache?

--Tyler

On Wed, Nov 17, 2010 at 6:40 AM, Anne van Kesteren <annevk@opera.com> wrote:
> http://www.w3.org/2008/webapps/track/issues/108 has been open for a year and
> we have made little concrete progress on it unfortunately. Meanwhile, CORS
> is shipping, deployed and nobody is planning to take it out or down as far
> as I know. I think it is time to move on and go to Last Call.
>
> I am open to spending a few more days on finding a solution to this problem
> we can all agree with, but if we have nothing by December 1 and at that
> point it does not seem likely it will get anywhere we should go for a Last
> Call CfC (or maybe straight to a formal vote) and call it a day.
>
>
> --
> Anne van Kesteren
> http://annevankesteren.nl/
>
>
Received on Tuesday, 23 November 2010 23:05:31 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:42 GMT