W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2013

Re: [webappsec + webapps] CORS to PR plans

From: Brad Hill <hillbrad@gmail.com>
Date: Mon, 12 Aug 2013 12:24:58 -0700
Message-ID: <CAEeYn8g2ea_E65=R9WrH5GSNsB_VuRG=5U2prpe9BTqB-N11AQ@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, WebApps WG <public-webapps@w3.org>
OK, tests at:

http://webappsec-test.info/~bhill2/CORS/status-async.htm

Show that at least Blink and Firefox interop on the full range of 200
status codes, so I'll update the edited PR appropriately and reset the CfC.

-Brad


On Mon, Aug 12, 2013 at 11:57 AM, Brad Hill <hillbrad@gmail.com> wrote:

> Anne,
>
>  Sorry for the delayed reply.
>
>  If you look at the diff-marked version, you'll see the links to WHATWG
> Fetch that I updated.
>
>   As far as the full range of success status codes, if you look at Boris
> Zbarsky's comments in the thread linked, it seems that Firefox was only
> planning to implement 204.
>
>   I will consider the CfC suspended until I get some tests running to
> determine the actual implementation status in various browsers, and we can
> expand the list to whatever will interop.
>
> -Brad
>
>
> On Tue, Jul 16, 2013 at 5:18 PM, Anne van Kesteren <annevk@annevk.nl>wrote:
>
>> On Tue, Jul 16, 2013 at 3:47 PM, Brad Hill <hillbrad@gmail.com> wrote:
>> > 1. Changed "Fetch" references.  The CR document referenced the WHATWG
>> Fetch
>> > spec in a number of places.  This was problematic due to the maturity /
>> > stability requirements of the W3C for document advancement, and I feel
>> also
>> > inappropriate, as the current Fetch spec positions itself as a
>> successor to
>> > CORS, not a reference in terms of which CORS is defined.
>>
>> Pretty sure CORS didn't reference the Fetch Standard. Given that the
>> Fetch Standard is written after I wrote CORS, that would be somewhat
>> improbable.
>>
>>
>> > 8. In response to thread beginning at:
>> > http://lists.w3.org/Archives/Public/public-webappsec/2013Feb/0078.html,
>> > added 204 as a valid code equivalent to 200 for the CORS algorithm.
>>
>> I think implementations are moving towards allowing the whole 200-299
>> range. (Fetch Standard codifies that, at least.)
>>
>>
>> --
>> http://annevankesteren.nl/
>>
>
>
Received on Monday, 12 August 2013 19:25:28 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:02 UTC