I updated CORS over the past few days:
http://dev.w3.org/2006/waf/access-control/
Summary:
* Redirects only work for simple requests
* Origin header semantics are left to the draft that defines the Origin
header, apart from the requirement as to what the initial origin should be.
* HTML5 is no longer used for origin related definitions and therefore
removed as dependency.
* Switched dependency from RFC 2616 to httpbis assuming that will be done
before this specification is completely done.
* Added non-normative reference for the various potential CORS API
specifications mentioned throughout the draft.
* Removed the @font-face construct use case per a comment.
I suggest we try to resolve the remaining open issues in the issue tracker
during the F2F. It would also be good if someone could volunteer for a
test suite.
--
Anne van Kesteren
http://annevankesteren.nl/
