CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call]

What is the status and plan to get CORS ready for Last Call?

I see the following related "Raised" Issues:

  Reduce the length of the header names?

  Exposing more (~infinite) response headers

  confused deputy problem

  CORS does not define the effect of the credentials flag in  
sufficient detail

And the latest ED includes 3 "red block" Issues.

-Art Barstow


On Apr 7, 2010, at 5:54 AM, ext Anne van Kesteren wrote:

> On Tue, 06 Apr 2010 22:12:33 +0200, Tyler Close  
> <>
> wrote:
>> I've uploaded a new draft of the Uniform Messaging Policy to:
>> This version adopts the same redirect handling specified by CORS.  
>> With
>> this change I believe there are no outstanding issues with UMP.
>> The latest version also includes clarifications on the use of HTTP
>> caching in uniform requests, as well as the prohibition of client
>> authenticated connections for uniform requests. Both of these changes
>> reflect clarifications discussed on the list.
>> I believe the current editor's draft of UMP reflects all feedback
>> received on the FPWD and is ready to proceed to Last Call.
> Since this is just a superset of CORS I wonder why we need it. Are  
> there
> any vendors considering dropping support for CORS in favor of just
> supporting UMP?
> -- 
> Anne van Kesteren

Received on Wednesday, 7 April 2010 14:08:07 UTC