W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2015

Re: [webappsec] CfC: Proposed non-normative updates to CORS

From: Mike West <mkwst@google.com>
Date: Wed, 1 Jul 2015 08:49:16 +0200
Message-ID: <CAKXHy=d+egrJR5OtuUngD1uhL3TyPdszASFCVamBMkfCNUgTaQ@mail.gmail.com>
To: Brad Hill <hillbrad@gmail.com>
Cc: public-webappsec@w3.org
These changes sound good to me. I agree that we should publish them.

-mike
On Jun 30, 2015 23:07, "Brad Hill" <hillbrad@gmail.com> wrote:

> In response to https://www.w3.org/Bugs/Public/show_bug.cgi?id=28861 and
> other requests, I would like to propose the following non-normative edits
> to the CORS Recommendation. (http://www.w3.org/TR/cors/)
>
> See attached file for the proposed publication-ready document including
> these edits.
>
> A detailed description of the proposed edits follows:
>
> 1) Remove text referring to expected changes in HTML5 and the HTTP Status
> Code 308, as both have advanced to REC and RFC status, respectively.
>
> 2) Update the HTTP Status Code 308 reference to point to RFC7538
>
> 3) Remove text and links for implementation reports that are 404.
>
> 4) Add the following to the end of SOTD:
>
> <p> Development of the CORS algorithm after 2013 has continued in the <a
> href="https://fetch.spec.whatwg.org/">Fetch Living Standard</a>. </p>
>
> 5) Correct Section 6.2 Preflight Request, step 10, second Note, to
> correctly refer to Access-Control-Request-Headers.
>
> These changes do not impact the conformance characteristics of any user
> agent implementation.  This is a call for consensus to publish these
> changes, which will end in 10 days, on July 10th.
>
> Sincerely,
>
> Brad Hill
> WebAppSec co-chair
>
Received on Wednesday, 1 July 2015 06:49:45 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:13 UTC