On Wed, 07 Apr 2010 16:06:55 +0200, Arthur Barstow <art.bars...@nokia.com>
wrote:
What is the status and plan to get CORS ready for Last Call?
I've mostly been waiting to see what happens with UMP. What I've heard so
far from various implementors is that they want to keep CORS and add the
ability to XMLHttpRequest for credential-less requests via the
constructor. But I might be missing something.
I see the following related "Raised" Issues:
Reduce the length of the header names?
http://www.w3.org/2008/webapps/track/issues/89
This is not possible I think. SPDY or some such should be of help here.
Anyway, it is still open because mnot wanted some kind of official WG
decision.
Exposing more (~infinite) response headers
http://www.w3.org/2008/webapps/track/issues/90
I've been trying to find out which solution implementors prefer, but
without much luck so far.
confused deputy problem
http://www.w3.org/2008/webapps/track/issues/108
We discussed this to death.
CORS does not define the effect of the credentials flag in sufficient
detail
http://www.w3.org/2008/webapps/track/issues/114
I defined this.
And the latest ED includes 3 "red block" Issues.
They all indicate the need for other specifications to move forward. URL,
HTTP, and whatever specification ends up defining origin. I.e. editorial
and should in theory not block progress.
--
Anne van Kesteren
http://annevankesteren.nl/
