- From: Arun Ranganathan <arun@mozilla.com>
- Date: Wed, 24 Jun 2009 11:52:09 -0700
- To: Arthur Barstow <Art.Barstow@nokia.com>, Henry Thompson <ht@inf.ed.ac.uk>, www-tag@w3.org
- CC: public-webapps <public-webapps@w3.org>
Arthur Barstow wrote: > Members of the Web Apps WG, > > Below is an email from Henry Thompson (forwarded with his permission), > on behalf of the TAG [1], re the CORS spec [2]. > > Two things: > > 1. Please respond to at least this part of Henry's mail: > > [[ > It appeared to us that a number of significant criticisms of the > appropriateness of CORS have been submitted to the Working Group, from > respected members of the Web Security community among others. These > convinced us that there is a real possibility either that server-side > deployment won't happen, or that even if it did the new functionality > provided would, on the one hand, be insufficiently secure while, on the > other, discouraging the provision of something more satisfactory. > ]] > > 2. For those that have been active in defining the CORS model and/or > CORS implementers - particularly Adam, Anne, Jonas, Hixie, Maciej, IE > guys (whomever replaced Sunava) - please indicate: > > a) their level of interest in continuing to push the current CORS model; I've documented what Firefox 3.5 will do here: https://developer.mozilla.org/En/HTTP_access_control Also see: https://developer.mozilla.org/En/Server-Side_Access_Control Now, note that this documentation is dated (it still uses the term "Access Control" which should change). But it is a reflection of what will go live in Fx3.5 (Jonas has already commented on redirects on preflighted requests, which won't be supported). A simple test of Fx 3.5 functionality might be: http://arunranga.com/examples/access-control/ We continue to have discussion about the "number of significant criticisms." I'm keen to see this result in tangible proposals. > > b) their implementation plans for CORS. See above (and see email from Jonas Sicking). -- A*
Received on Wednesday, 24 June 2009 18:54:17 UTC