Open mmccool opened 7 years ago
Well, to be clearer, there is a proposal to mark the CORS spec obsolete, I need to check if the proposal has been approved. At any rate, Fetch does everything CORS does and more, so...
Right, in recent discussion on Scripting I proposed using a separate fetch()
and consume()
method that would be more secure and also more convenient.
This still seems like a "live" issue. We do not actually reference CORS or Fetch in the security guidelines at present at all. It's not clear where it would go; it's not currently mentioned. We probably want to mention it just to say that a single-origin policy is not really suitable for IoT and more flexibility is needed.
CORS is now considered obsolete, having been replaced with Fetch: https://fetch.spec.whatwg.org/ We should leave in the reference to CORS but also mention Fetch.