Fwd: [webappsec] CfC: Proposed non-normative updates to CORS

(Dang, just realized I forgot to include WebApps on this joint deliverable.)

Members of WebApps, please note the below Call for Consensus on proposed
non-normative updates to the CORS recommendation and comment on
public-webappsec@w3.org by Monday, August 10, 2015.

Thank you,

Brad Hill
co-chair, WebAppSec WG

---------- Forwarded message ---------
From: Brad Hill <hillbrad@gmail.com>
Date: Tue, Jun 30, 2015 at 2:05 PM
Subject: [webappsec] CfC: Proposed non-normative updates to CORS
To: public-webappsec@w3.org <public-webappsec@w3.org>


In response to https://www.w3.org/Bugs/Public/show_bug.cgi?id=28861 and
other requests, I would like to propose the following non-normative edits
to the CORS Recommendation. (http://www.w3.org/TR/cors/)

See attached file for the proposed publication-ready document including
these edits.

A detailed description of the proposed edits follows:

1) Remove text referring to expected changes in HTML5 and the HTTP Status
Code 308, as both have advanced to REC and RFC status, respectively.

2) Update the HTTP Status Code 308 reference to point to RFC7538

3) Remove text and links for implementation reports that are 404.

4) Add the following to the end of SOTD:

<p> Development of the CORS algorithm after 2013 has continued in the <a
href="https://fetch.spec.whatwg.org/">Fetch Living Standard</a>. </p>

5) Correct Section 6.2 Preflight Request, step 10, second Note, to
correctly refer to Access-Control-Request-Headers.

These changes do not impact the conformance characteristics of any user
agent implementation.  This is a call for consensus to publish these
changes, which will end in 10 days, on July 10th.

Sincerely,

Brad Hill
WebAppSec co-chair