CORS过时了,什么意思?
CORS obsolete, what does that mean?
我刚刚在维基百科上读到(基于 W3 分钟),CORS 现在已经过时了:
https://en.wikipedia.org/wiki/Cross-origin_resource_sharing
来自 https://www.w3.org/2017/08/16-webappsec-minutes.html#item03
的会议纪要
Obsoleting CORS
dveditz: I raised on the list obsoleting CORS. The spec is old and doesn't reflect what browsers actually do
scribe ... ongoing work is in Fetch
UNKNOWN_SPEAKER: 所以让 CORS 坐在
周围是没有用的...标记为已过时并指向替换
... 服务
实施者更好
...唯一的答复是 mnot 询问 CORS
对于开发人员
...我想得到 Brad 的反馈
...
我将就此电话会议征集共识,然后在名单上宣布
dveditz:是否反对废弃 CORS?
terri: 听起来很合理
提议: 过时的 CORS
解决方案:已过时的 CORS
dveditz: 我会在列表中宣布这个决定
这怎么可能,是什么让 CORS 过时了?
该讨论只是关于停用 old CORS specification—basically, putting clear indications on it that it should no longer be used by implementors as the basis for implementations, and that implementors should use the Fetch spec at https://fetch.spec.whatwg.org/。
原因是,当前浏览器的所有 CORS 要求都在 Fetch 规范中,而 Fetch 规范是唯一继续积极维护的 CORS 规范——唯一获得改进和规范错误修复的规范,并将添加任何与 CORS 相关的新功能。
见https://lists.w3.org/Archives/Public/public-webappsec/2017Aug/0010.html:
We propose the following Status of the Document:
This document has been obsoleted. Do not implement this specification.
The Fetch Living Standard provides the same set of features with
additional refinements to improve security, such as the CORS
safelisted request headers. It also contains new features, which
would not be covered by the 5 February 2004 W3C Patent Policy, such as
the possibility to use a wildcard "*" in CORS headers.
现在 W3C Web 应用程序安全工作组已经做出决定,很快他们将重新发布旧的 CORS 规范,并将该文本添加到其状态部分。
I just read on Wikipedia (based on W3 minutes) that CORS is now
obsolete:
我刚刚updated that Wikipedia CORS article更准确地陈述事情:
The specification for CORS was originally published as a W3C Recommendation but that document is obsolete. The current actively-maintained specification that defines CORS is the Fetch Living Standard.
我刚刚在维基百科上读到(基于 W3 分钟),CORS 现在已经过时了:
https://en.wikipedia.org/wiki/Cross-origin_resource_sharing
来自 https://www.w3.org/2017/08/16-webappsec-minutes.html#item03
的会议纪要Obsoleting CORS
dveditz: I raised on the list obsoleting CORS. The spec is old and doesn't reflect what browsers actually do
scribe ... ongoing work is in Fetch
UNKNOWN_SPEAKER: 所以让 CORS 坐在
周围是没有用的...标记为已过时并指向替换
... 服务 实施者更好
...唯一的答复是 mnot 询问 CORS 对于开发人员
...我想得到 Brad 的反馈
... 我将就此电话会议征集共识,然后在名单上宣布dveditz:是否反对废弃 CORS?
terri: 听起来很合理
提议: 过时的 CORS
解决方案:已过时的 CORS
dveditz: 我会在列表中宣布这个决定
这怎么可能,是什么让 CORS 过时了?
该讨论只是关于停用 old CORS specification—basically, putting clear indications on it that it should no longer be used by implementors as the basis for implementations, and that implementors should use the Fetch spec at https://fetch.spec.whatwg.org/。
原因是,当前浏览器的所有 CORS 要求都在 Fetch 规范中,而 Fetch 规范是唯一继续积极维护的 CORS 规范——唯一获得改进和规范错误修复的规范,并将添加任何与 CORS 相关的新功能。
见https://lists.w3.org/Archives/Public/public-webappsec/2017Aug/0010.html:
We propose the following Status of the Document:
This document has been obsoleted. Do not implement this specification. The Fetch Living Standard provides the same set of features with additional refinements to improve security, such as the CORS safelisted request headers. It also contains new features, which would not be covered by the 5 February 2004 W3C Patent Policy, such as the possibility to use a wildcard "*" in CORS headers.
现在 W3C Web 应用程序安全工作组已经做出决定,很快他们将重新发布旧的 CORS 规范,并将该文本添加到其状态部分。
I just read on Wikipedia (based on W3 minutes) that CORS is now obsolete:
我刚刚updated that Wikipedia CORS article更准确地陈述事情:
The specification for CORS was originally published as a W3C Recommendation but that document is obsolete. The current actively-maintained specification that defines CORS is the Fetch Living Standard.