- From: Mark Nottingham <mnot@mnot.net>
- Date: Mon, 6 Apr 2009 19:34:30 +1000
- To: HTTP Working Group <ietf-http-wg@w3.org>
Members of the WebApps WG in the W3C have brought Cross-Origin Resource Sharing (CORS) to my attention, and asked for review/input from IETF folks. http://www.w3.org/TR/2009/WD-cors-20090317/ > This document defines a mechanism to enable client-side cross-origin > requests. Specifications that want to enable cross-origin requests > in an API they define can use the algorithms defined by this > specification. If such an API is used on http://example.org > resources, a resource on http://hello-world.example can opt in using > the mechanism described by this specification (e.g., specifying > Access-Control-Allow-Origin: http://example.org as response header), > which would allow that resource to be fetched cross-origin from http://example.org > . For those who have seen this work before, it has apparently changed significantly in its lifetime, so it's probably worth another look. The document's status section contains information about how to provide feedback to them. While this WG doesn't have a mechanism to provide a forma review of the document, it may be worth briefly discussing its HTTP-specific aspects here. Cheers, -- Mark Nottingham http://www.mnot.net/
Received on Monday, 6 April 2009 09:35:08 UTC