- From: Arthur Barstow <art.barstow@nokia.com>
- Date: Fri, 14 May 2010 13:18:52 -0400
- To: Maciej Stachowiak <mjs@apple.com>, Anne van Kesteren <annevk@opera.com>, Jonas Sicking <jonas@sicking.cc>, Chris Wilson <Chris.Wilson@microsoft.com>, Adrian Bateman <adrianba@microsoft.com>
- Cc: WebApps WG <public-webapps@w3.org>
Simpler and/or shorter would indeed be good, although it may be too late. Jonas, IE Guys (Chris, Adrian, ...) - what is your input on this issue? -Art Barstow On May 13, 2010, at 3:39 AM, ext Maciej Stachowiak wrote: > > On May 6, 2010, at 5:30 PM, Anne van Kesteren wrote: > >> Here is a brief proposal for how we could simplify the current set >> of CORS headers. We can use this thread to evaluate whether it is >> worth breaking with what Firefox, Safari, Chrome, and IE are doing >> now. And whether all parties are willing to change their supported >> syntax in due course. >> >> Furthermore, I suggest that if we have nothing conclusive on this >> topic by June 15 we consider ISSUE-89[1] as resolved. We have to >> move on at some point. (Maybe the chairs should issue a CfC for >> this to make it official.) >> >> >> I suggest we merge Access-Control-Allow-Origin, Access-Control- >> Allow-Credentials, and Access-Control-Max-Age into a new header, >> named CORS. The syntax of this new header would be: >> >> "CORS" : "credentials"? origin-value delta-seconds? >> >> Access-Control-Allow-Methods and Access-Control-Allow-Headers >> become CORS-Methods and CORS-Headers respectively. I do not think >> it is worth trying to merge these in as well. >> >> We keep the Origin header. >> >> And Access-Control-Request-Method and Access-Control-Request- >> Headers are merged into a new header, named CORS-Preflight. The >> syntax of this new header would be: >> >> "CORS-Preflight" : Method [SP field-name]* >> >> >> [1]<http://www.w3.org/2008/webapps/track/issues/89> >> > > > I'm not that keen on changing the names, but if we do, I think > "CORS" might be a bit mysterious by itself as a header name. Here's > another set of naming suggestions, if we do go down the renaming > path (which for the record I'd rather not): > > CORS ==> Allow-Access or Expose-Response > CORS-Methods ==> Allow-Methods > CORS-Headers ==> Allow-Headers (or Allow-Request-Headers) > CORS-Preflight ==> can't think of a better name for this > new header to expose more response headers ==> Expose-Headers (or > Expose-Response-Headers) > > Regards, > Maciej
Received on Friday, 14 May 2010 17:21:28 UTC