Re: Update to Access Control for Cross-site Requests

Anne van Kesteren wrote:
> I have updated the editor's draft of the Access Control for Cross-site 
> Requests specification to include support for  HTTP headers as per my 
> proposal earlier:
> Nothing else has changed because no other changes have been proposed.
> I think we should be able to go to Last Call now.

I do not think we are ready to go into Last Call. There is a major 
outstanding issue, which is if cookies and auth headers should be 
included. Implementation wise this is easy to change, but it 
significantly changes the semantics of the spec, so I think it's an 
issue we need to find a resolution for first.

I'm all for publishing another draft though.

/ Jonas

Received on Monday, 7 April 2008 23:33:40 UTC