- From: Dirk Pranke <dpranke@chromium.org>
- Date: Tue, 23 Nov 2010 15:41:10 -0800
- To: Tyler Close <tyler.close@gmail.com>
- Cc: Anne van Kesteren <annevk@opera.com>, WebApps WG <public-webapps@w3.org>
My recollection matches Tyler's. At one point I volunteered to work on the Security Considerations section and did a draft, but sadly got distracted by other things. I can attempt to dust that draft off and try again if that is useful. -- Dirk On Tue, Nov 23, 2010 at 3:05 PM, Tyler Close <tyler.close@gmail.com> wrote: > My recollection of the status of ISSUE-108 is that CORS was going to > provide functionality equivalent to that of UMP when the CORS > credentials flag is false. CORS was also also going to expand its > Security Considerations section to explain the Confused Deputy issues, > possibly by borrowing text from UMP. Are you saying that work has been > completed or it will not be undertaken? The current editor's draft of > CORS does mention a credentials flag, but I haven't found much detail > on it. For example, what effect does it have on use of the browser's > request cache? > > --Tyler > > On Wed, Nov 17, 2010 at 6:40 AM, Anne van Kesteren <annevk@opera.com> wrote: >> http://www.w3.org/2008/webapps/track/issues/108 has been open for a year and >> we have made little concrete progress on it unfortunately. Meanwhile, CORS >> is shipping, deployed and nobody is planning to take it out or down as far >> as I know. I think it is time to move on and go to Last Call. >> >> I am open to spending a few more days on finding a solution to this problem >> we can all agree with, but if we have nothing by December 1 and at that >> point it does not seem likely it will get anywhere we should go for a Last >> Call CfC (or maybe straight to a formal vote) and call it a day. >> >> >> -- >> Anne van Kesteren >> http://annevankesteren.nl/ >> >> > >
Received on Tuesday, 23 November 2010 23:41:44 UTC