W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2010

Re: CORS & ISSUE-108

From: Dirk Pranke <dpranke@chromium.org>
Date: Tue, 23 Nov 2010 15:41:10 -0800
Message-ID: <AANLkTi=23MnPfUgwN=RYu5ry_n6i4XAXAFjgFJHckTXK@mail.gmail.com>
To: Tyler Close <tyler.close@gmail.com>
Cc: Anne van Kesteren <annevk@opera.com>, WebApps WG <public-webapps@w3.org>
My recollection matches Tyler's. At one point I volunteered to work on
the Security Considerations section and did a draft, but sadly got
distracted by other things. I can attempt to dust that draft off and
try again if that is useful.

-- Dirk

On Tue, Nov 23, 2010 at 3:05 PM, Tyler Close <tyler.close@gmail.com> wrote:
> My recollection of the status of ISSUE-108 is that CORS was going to
> provide functionality equivalent to that of UMP when the CORS
> credentials flag is false. CORS was also also going to expand its
> Security Considerations section to explain the Confused Deputy issues,
> possibly by borrowing text from UMP. Are you saying that work has been
> completed or it will not be undertaken? The current editor's draft of
> CORS does mention a credentials flag, but I haven't found much detail
> on it. For example, what effect does it have on use of the browser's
> request cache?
>
> --Tyler
>
> On Wed, Nov 17, 2010 at 6:40 AM, Anne van Kesteren <annevk@opera.com> wrote:
>> http://www.w3.org/2008/webapps/track/issues/108 has been open for a year and
>> we have made little concrete progress on it unfortunately. Meanwhile, CORS
>> is shipping, deployed and nobody is planning to take it out or down as far
>> as I know. I think it is time to move on and go to Last Call.
>>
>> I am open to spending a few more days on finding a solution to this problem
>> we can all agree with, but if we have nothing by December 1 and at that
>> point it does not seem likely it will get anywhere we should go for a Last
>> Call CfC (or maybe straight to a formal vote) and call it a day.
>>
>>
>> --
>> Anne van Kesteren
>> http://annevankesteren.nl/
>>
>>
>
>
Received on Tuesday, 23 November 2010 23:41:44 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:42 GMT