Transition Request: Proposed Obsolete for CORS

Director and Chairs,

This is a Proposed Obsolete Recommendation transition request.

* Document title, URIs of the W3C Recommendation.
Cross-Origin Resource Sharing, W3C Recommendation 16 January 2014

* Rationale: Since the CORS spec no longer describes what browsers do,
we don't want people implementing that version. The non-W3C Fetch[2]
spec is the de facto update to CORS, and Fetch is what this group's
current work references.

We propose the following Status of the Document:

   This document has been obsoleted. Do not implement this specification.
   The <a href="">Fetch Living Standard</a>
   provides the same set of features with additional refinements to
   improve security, such as the <a href=
   safelisted request headers</a>. It also contains new features, which
   would not be covered by the <a href=
   "">5 February
   2004 W3C Patent Policy</a>, such as the possibility to use a <a href=
   "">wildcard "*"
   </a> in CORS headers.
   As an historical reference, a <a href=
   snapshot</a> of the Fetch Living Standard as of 15 June 2017 is
   also available.

* Decision to request transition:

* Wide Review:

CORS staleness has been discussed multiple times by WebAppSec, including
a previous consensus to make non-normative updates to re-direct readers
to Fetch.[2]
No opposition has been expressed to the current CfC.

* Implementation

Browsers are following Fetch, not CORS, for new or updated features.


Received on Friday, 25 August 2017 19:43:14 UTC