W3C home > Mailing lists > Public > public-publ-wg@w3.org > August 2017

Re: Proposal to Republish CORS as Obsolete Recommendation (Call for Review)

From: Ivan Herman <ivan@w3.org>
Date: Thu, 31 Aug 2017 13:20:22 +0200
Cc: W3C Publishing Working Group <public-publ-wg@w3.org>
Message-Id: <10C7FE0E-5158-441B-8BED-C4C5E58051E7@w3.org>
To: Tzviya Siegman <tsiegman@wiley.com>
Yep, although the concept is not gone. The WhatWG Fetch spec includes the same features as CORS[1] (as far as I know), so it is more that it is superseded. However, the Fetch spec is not a W3C spec, so, formally, superseded is not the right term…

Fetch is, of course:-), an extremely-difficult-to-read spec. Anybody knows of a good tutorial like text that we could use?


[1] https://fetch.spec.whatwg.org/#http-cors-protocol

> On 31 Aug 2017, at 13:10, Siegman, Tzviya - Hoboken <tsiegman@wiley.com> wrote:
> Our group has mentioned CORS many times in our discussions of origins and manifests. It's worth noting that it is being formally obsoleted.
> Tzviya Siegman
> Information Standards Lead
> Wiley
> 201-748-6884
> tsiegman@wiley.com 
> -----Original Message-----
> From: Coralie Mercier [mailto:coralie@w3.org] 
> Sent: Thursday, August 31, 2017 4:36 AM
> To: w3c-ac-forum@w3.org
> Cc: chairs@w3.org
> Subject: Proposal to Republish CORS as Obsolete Recommendation (Call for Review)
> Dear Advisory Committee Representative,
> Chairs,
> This is a proposal to republish the following W3C Recommendation as Obsolete Recommendation:
>  Cross-Origin Resource Sharing, W3C Recommendation 16 January 2014
>  http://www.w3.org/TR/2014/REC-cors-20140116/
> The SoTD should read:
> [[
> This specification is obsolete and should no longer be used as a basis for implementation.
> The [Fetch Living Standard](https://fetch.spec.whatwg.org/) provides the same set of features with additional refinements to improve security, such as the [CORS safelisted request headers](https://fetch.spec.whatwg.org/#cors-safelisted-request-header). The Fetch specification also contains new features, which would not be covered by the [5 February 2004 W3C Patent Policy](https://www.w3.org/Consortium/Patent-Policy-20040205/), such as the possibility to use a [wildcard "*"](https://fetch.spec.whatwg.org/#cors-preflight-fetch-0) in CORS headers. As an historical reference, a [snapshot](https://fetch.spec.whatwg.org/commit-snapshots/f3bb21991abdd335175fcc5d26a0d0b7b380d4fe/) of the Fetch Living Standard as of 15 June 2017 is also available.
> ]]
> Although the Fetch Living Standard continues to evolve and accordingly W3C cannot speak to the stability of the entire spec - the portions of the Fetch spec that obsolete the CORS spec are stable and have sufficient implementations on the Web - the Director supports the Working Group's request to republish the CORS Recommendation as an Obsolete Recommendation.
> The approval and publication are in response to this transition request from the Web Application Security Working Group [1]:
>  https://lists.w3.org/Archives/Member/chairs/2017JulSep/0089.html
> There wasn't any Formal Objection within the Web Application Security Working Group.
> Issues are welcome by 2017-09-28 and should be sent to <public-webappsec@w3.org>.
> Please review this proposal and indicate whether your organization supports obsoleting this Recommendation or objects to this action, by completing the following questionnaire:
>  https://www.w3.org/2002/09/wbs/101147/cors-obs-2017-09/
> The deadline for responses is 23:59, Boston time on 2017-09-28. Additional details about the review are available in the questionnaire.
> This Call for review follows section 6.9 "Obsoleting or Rescinding a W3C Recommendation" of the W3C Process Document:
>  https://www.w3.org/2017/Process-20170301/#rec-rescind
> Thank you,
> For Tim Berners-Lee, W3C Director, and
> Philippe Le Hégaret, Project Management Lead; Coralie Mercier, Head of W3C Marketing & Communications
> [1] http://www.w3.org/2011/webappsec/
> --
> Coralie Mercier  -  W3C Marketing & Communications -  https://www.w3.org mailto:coralie@w3.org +336 4322 0001 https://www.w3.org/People/CMercier/

Ivan Herman, W3C 
Publishing@W3C Technical Lead
Home: http://www.w3.org/People/Ivan/
mobile: +31-641044153
ORCID ID: http://orcid.org/0000-0003-0782-2704
Received on Thursday, 31 August 2017 11:20:02 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:52:16 UTC