[webappsec] CfC: Proposed non-normative updates to CORS

In response to https://www.w3.org/Bugs/Public/show_bug.cgi?id=28861 and
other requests, I would like to propose the following non-normative edits
to the CORS Recommendation. (http://www.w3.org/TR/cors/)

See attached file for the proposed publication-ready document including
these edits.

A detailed description of the proposed edits follows:

1) Remove text referring to expected changes in HTML5 and the HTTP Status
Code 308, as both have advanced to REC and RFC status, respectively.

2) Update the HTTP Status Code 308 reference to point to RFC7538

3) Remove text and links for implementation reports that are 404.

4) Add the following to the end of SOTD:

<p> Development of the CORS algorithm after 2013 has continued in the <a
href="https://fetch.spec.whatwg.org/">Fetch Living Standard</a>. </p>

5) Correct Section 6.2 Preflight Request, step 10, second Note, to
correctly refer to Access-Control-Request-Headers.

These changes do not impact the conformance characteristics of any user
agent implementation.  This is a call for consensus to publish these
changes, which will end in 10 days, on July 10th.

Sincerely,

Brad Hill
WebAppSec co-chair

Received on Tuesday, 30 June 2015 21:06:20 UTC