- From: Tyler Close <tyler.close@gmail.com>
- Date: Tue, 23 Nov 2010 15:05:02 -0800
- To: Anne van Kesteren <annevk@opera.com>
- Cc: WebApps WG <public-webapps@w3.org>
My recollection of the status of ISSUE-108 is that CORS was going to provide functionality equivalent to that of UMP when the CORS credentials flag is false. CORS was also also going to expand its Security Considerations section to explain the Confused Deputy issues, possibly by borrowing text from UMP. Are you saying that work has been completed or it will not be undertaken? The current editor's draft of CORS does mention a credentials flag, but I haven't found much detail on it. For example, what effect does it have on use of the browser's request cache? --Tyler On Wed, Nov 17, 2010 at 6:40 AM, Anne van Kesteren <annevk@opera.com> wrote: > http://www.w3.org/2008/webapps/track/issues/108 has been open for a year and > we have made little concrete progress on it unfortunately. Meanwhile, CORS > is shipping, deployed and nobody is planning to take it out or down as far > as I know. I think it is time to move on and go to Last Call. > > I am open to spending a few more days on finding a solution to this problem > we can all agree with, but if we have nothing by December 1 and at that > point it does not seem likely it will get anywhere we should go for a Last > Call CfC (or maybe straight to a formal vote) and call it a day. > > > -- > Anne van Kesteren > http://annevankesteren.nl/ > >
Received on Tuesday, 23 November 2010 23:05:31 UTC