W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2012

Re: [webappsec] Updated proposal for CORS security considerations

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 15 Feb 2012 10:28:37 +0100
To: "public-webappsec@w3.org" <public-webappsec@w3.org>, "Hill, Brad" <bhill@paypal-inc.com>
Message-ID: <op.v9pq9zbc64w2qv@annevk-macbookpro.local>
On Wed, 15 Feb 2012 00:20:30 +0100, Hill, Brad <bhill@paypal-inc.com>  
wrote:
> Looks great to me.  Thanks, Anne.  A few folks wanted a bit more time to  
> review this on the call today, so will take up a formal resolution to go  
> to LC on the next call.

Sounds good.

Besides this I also changed the way the various flags work in the  
specification (turned them into actual flags rather than having boolean  
values) so maybe people could have a look at that too. It should all be  
slightly more clear now. The CORS manual redirect flag is not in use by  
the way, but might be used by XMLHttpRequest at some point.

I also fixed an issue with the force preflight flag that was raised on the  
public-webapps list in December:  
http://lists.w3.org/Archives/Public/public-webapps/2012JanMar/0720.html

If people find new issues please file bug reports.


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Wednesday, 15 February 2012 09:29:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 15 February 2012 09:29:14 GMT