This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
In http://www.w3.org/TR/cors/#resource-preflight-requests Section 6.2 Preflight Request, step 10, second Note: "Since the list of headers can be unbounded, simply returning supported headers from Access-Control-Allow-Headers can be enough." s/Access-Control-Allow-Headers/Access-Control-Request-Headers/
1) That document is obsolete, use https://fetch.spec.whatwg.org/ instead. 2) If we do any kind of fix here, removing that statement would be better since that proposed fix does not really make it any better.
> 1) That document is obsolete, use https://fetch.spec.whatwg.org/ instead. Thanks for the information. An issue is that (1) there is no clue in the w3c document suggesting that it should be considered as obsolete, and (2) references found on the web routinely refers to the w3c document as "the CORS specification" without mentioning the whatwg document.
Brad, can we mark CORS as obsolete? Or update it to point to the latest version? I keep getting private emails about it too suggesting we're wasting a lot of people their time.