W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: [cors] TAG request concerning CORS & Next Step(s)

From: Arun Ranganathan <arun@mozilla.com>
Date: Wed, 24 Jun 2009 11:52:09 -0700
Message-ID: <4A4275D9.6040100@mozilla.com>
To: Arthur Barstow <Art.Barstow@nokia.com>, Henry Thompson <ht@inf.ed.ac.uk>, www-tag@w3.org
CC: public-webapps <public-webapps@w3.org>
Arthur Barstow wrote:
> Members of the Web Apps WG,
> Below is an email from Henry Thompson (forwarded with his permission), 
> on behalf of the TAG [1], re the CORS spec [2].
> Two things:
> 1. Please respond to at least this part of Henry's mail:
> [[
> It appeared to us that a number of significant criticisms of the
> appropriateness of CORS have been submitted to the Working Group, from
> respected members of the Web Security community among others. These
> convinced us that there is a real possibility either that server-side
> deployment won't happen, or that even if it did the new functionality
> provided would, on the one hand, be insufficiently secure while, on the
> other, discouraging the provision of something more satisfactory.
> ]]
> 2. For those that have been active in defining the CORS model and/or 
> CORS implementers - particularly Adam, Anne, Jonas, Hixie, Maciej, IE 
> guys (whomever replaced Sunava) - please indicate:
> a) their level of interest in continuing to push the current CORS model;
I've documented what Firefox 3.5 will do here:


Also see:


Now, note that this documentation is dated (it still uses the term 
"Access Control" which should change).  But it is a reflection of what 
will go live in Fx3.5 (Jonas has already commented on redirects on 
preflighted requests, which won't be supported).

A simple test of Fx 3.5 functionality might be:


We continue to have discussion about the "number of significant 
criticisms."  I'm keen to see this result in tangible proposals.
> b) their implementation plans for CORS.
See above (and see email from Jonas Sicking).

-- A*
Received on Wednesday, 24 June 2009 19:19:32 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:12:54 UTC