W3C home > Mailing lists > Public > public-webappsec@w3.org > December 2012

RE: email threads wrt comments on Cross-Origin Resource Sharing (CORS)

From: Hill, Brad <bhill@paypal-inc.com>
Date: Tue, 18 Dec 2012 01:42:54 +0000
To: =JeffH <Jeff.Hodges@KingsMountain.com>, W3C Web App Security WG <public-webappsec@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E306AF6@DEN-EXDDA-S12.corp.ebay.com>
Jeff,

  As part of the change set detailed in the recent Call for Consensus at:

http://lists.w3.org/Archives/Public/public-webappsec/2012Nov/0072.html 

 I believe I resolved many or all of the concerns indicated in the summary email below.

 One change that was rejected was inclusion of a diagram in the specification, on discussion on the list that a diagram would be appropriate in a learning resource like the Web Platform Docs but that producing a correct and mutually agreeable one need not hold up CORS's finalization.

  You did not object during the call for consensus, but as part of assuring that all comments have been resolved and demonstrating CORS's readiness for Candidate Recommendation, can you please reply to the list either acknowledging that the edits noted at the above link satisfy the issues described in your below email, or which, if any, you consider to still be outstanding?

Thank you,

Brad Hill

> -----Original Message-----
> From: =JeffH [mailto:Jeff.Hodges@KingsMountain.com]
> Sent: Tuesday, June 19, 2012 4:35 PM
> To: W3C Web App Security WG
> Subject: email threads wrt comments on Cross-Origin Resource Sharing
> (CORS)
> 
> Per EKR's request on the call today, here's pointers to the extant
> messages/threads concerning BHIll's and my comments on Cross-Origin
> Resource Sharing (CORS) (BHIll's origination of the security considerations
> section is down at the end under "ancient history")
> 
> HTH,
> 
> =JeffH
> ------
> 
> comments on Cross-Origin Resource Sharing (CORS) of 3-Apr-2012    (JeffH)
> http://lists.w3.org/Archives/Public/public-webappsec/2012May/0006.html
> 
> [cors] hey hey   (annevk)
> http://lists.w3.org/Archives/Public/public-webappsec/2012May/0068.html
> 
> RE: [cors] hey hey    (hill, brad)
> (proposed incorporation of JeffH's comments)
> http://lists.w3.org/Archives/Public/public-webappsec/2012May/0069.html
> 
> 
> [ Re: [cors] hey hey    (annevk, JeffH -- two simply coordination messages
> elided) ]
> 
> 
> Re: comments on Cross-Origin Resource Sharing (CORS) of 3-Apr-2012 (was:
> hey
> hey)  (JeffH)
> http://lists.w3.org/Archives/Public/public-webappsec/2012Jun/0012.html
> 
> 
> Re: comments on Cross-Origin Resource Sharing (CORS) of 3-Apr-2012
> (annevk)
> http://lists.w3.org/Archives/Public/public-webappsec/2012Jun/0016.html
> 
> 
> Re: comments on Cross-Origin Resource Sharing (CORS) of 3-Apr-2012 (was:
> hey
> hey) (annevk)
> http://lists.w3.org/Archives/Public/public-webappsec/2012Jun/0017.html
> 
> 
> Re: comments on Cross-Origin Resource Sharing (CORS) of 3-Apr-2012 (was:
> hey
> hey) (JeffH)
> http://lists.w3.org/Archives/Public/public-webappsec/2012Jun/0027.html
> 
> 
> 
> 
> --------------------------------------------------------------------
> ancient history -- origination of the CORS security considerations section:
> 
> 
> Security Considerations for CORS with credentials
> http://lists.w3.org/Archives/Public/public-webappsec/2011Dec/0036.html
> 
> RE: Security Considerations for CORS with credentials
> http://lists.w3.org/Archives/Public/public-webappsec/2012Jan/0006.html
> 
> 
> Updated proposal for CORS security considerations
> http://lists.w3.org/Archives/Public/public-webappsec/2012Feb/0021.html
> [+ 4 other messages in thread ]
> 
> --------------------------------------------------------------------
Received on Tuesday, 18 December 2012 01:43:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 18 December 2012 01:43:29 GMT