Anne van Kesteren wrote:
I have updated the editor's draft of the Access Control for Cross-site
Requests specification to include support for HTTP headers as per my
proposal earlier:
http://www.w3.org/mid/[EMAIL PROTECTED]
http://dev.w3.org/2006/waf/access-control/
Nothing else has changed because no other changes have been proposed.
I think we should be able to go to Last Call now.
I do not think we are ready to go into Last Call. There is a major
outstanding issue, which is if cookies and auth headers should be
included. Implementation wise this is easy to change, but it
significantly changes the semantics of the spec, so I think it's an
issue we need to find a resolution for first.
I'm all for publishing another draft though.
/ Jonas
