W3C home > Mailing lists > Public > public-css-commits@w3.org > April 2011

csswg/css3-fonts Fonts.html,1.53,1.54 Overview.html,1.20,1.21

From: John Daggett via cvs-syncmail <cvsmail@w3.org>
Date: Thu, 28 Apr 2011 07:26:54 +0000
To: public-css-commits@w3.org
Message-Id: <E1QFLck-00025G-9i@lionel-hutz.w3.org>
Update of /sources/public/csswg/css3-fonts
In directory hutz:/tmp/cvs-serv7991

Modified Files:
	Fonts.html Overview.html 
Log Message:
rework at-risk wording regarding same origin restriction

Index: Fonts.html
===================================================================
RCS file: /sources/public/csswg/css3-fonts/Fonts.html,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -d -r1.53 -r1.54
--- Fonts.html	28 Apr 2011 06:09:11 -0000	1.53
+++ Fonts.html	28 Apr 2011 07:26:52 -0000	1.54
@@ -290,6 +290,13 @@
 
      <li><a href="#same-origin-restriction"><span class=secno>4.8
       </span>Same-origin restriction for fonts</a>
+      <ul class=toc>
+       <li><a href="#default-same-origin-restriction"><span class=secno>4.8.1
+        </span>Default same-origin restriction</a>
+
+       <li><a href="#allowing-cross-origin-font-loading"><span
+        class=secno>4.8.2 </span>Allowing cross-origin font loading</a>
+      </ul>
     </ul>
 
    <li><a href="#font-matching-algorithm"><span class=secno>5 </span>Font
@@ -2666,6 +2673,9 @@
   <h3 id=same-origin-restriction><span class=secno>4.8 </span>Same-origin
    restriction for fonts</h3>
 
+  <h4 id=default-same-origin-restriction><span class=secno>4.8.1
+   </span>Default same-origin restriction</h4>
+
   <p>User agents must implement a same-origin restriction when loading fonts
    via the @font-face mechanism. This restriction limits the loading of fonts
    for a given document to fonts loaded from the same origin. Fonts can only
@@ -2678,6 +2688,12 @@
    whether a font is same origin or not, only the origin of the containing
    document is used. The restriction applies to all font types.
 
+  <p class=issue>Some implementers would prefer to define a new mechanism
+   (tentatively named From-Origin) to control access to all resource types,
+   in preference to the origin matching algorithm referred to here. As such,
+   this subsection should be considered at risk for alteration if such an
+   alternative mechanism is defined.
+
   <p>Given a document located at http://example.com/page.html, fonts defined
    with ‘<code class=property><a href="#descdef-src">src</a></code>’
    definitions considered cross origin must not be loaded:
@@ -2694,20 +2710,20 @@
 src: url(http://another.example.com/fonts/simple.ttf); 
 </pre>
 
+  <h4 id=allowing-cross-origin-font-loading><span class=secno>4.8.2
+   </span>Allowing cross-origin font loading</h4>
+
   <p>User agents must also implement the ability to relax this restriction
    using cross-site origin controls <a href="#CORS"
    rel=biblioentry>[CORS]<!--{{!CORS}}--></a>. Sites can explicitly allow
    cross-site downloading of font data using the
    <code>Access-Control-Allow-Origin</code> HTTP header.
 
-  <p class=issue>Some implementers feel a same-origin restriction should be
-   the default for all new resource types, including fonts, while others feel
-   strongly that an opt-in strategy usable for all resource types would be a
-   better mechanism and that the default should always be to allow
-   cross-origin linking for consistency with existing resource types (e.g.
-   script, images). As such, this subsection should be considered at risk for
-   removal or alteration if the consensus is to use an alternative mechanism.
-   
+  <p class=issue>If an alternative mechanism to control resource loading
+   (such as the suggested From-Origin HTTP header) is specified, the
+   appropriate mechanism to relax the default same-origin restriction for
+   @font-face may also change. As such, this subsection should be considered
+   at risk for alteration if such an alternative mechanism is defined.
 
   <h2 id=font-matching-algorithm><span class=secno>5 </span>Font matching
    algorithm</h2>

Index: Overview.html
===================================================================
RCS file: /sources/public/csswg/css3-fonts/Overview.html,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -d -r1.20 -r1.21
--- Overview.html	28 Apr 2011 06:09:11 -0000	1.20
+++ Overview.html	28 Apr 2011 07:26:52 -0000	1.21
@@ -290,6 +290,13 @@
 
      <li><a href="#same-origin-restriction"><span class=secno>4.8
       </span>Same-origin restriction for fonts</a>
+      <ul class=toc>
+       <li><a href="#default-same-origin-restriction"><span class=secno>4.8.1
+        </span>Default same-origin restriction</a>
+
+       <li><a href="#allowing-cross-origin-font-loading"><span
+        class=secno>4.8.2 </span>Allowing cross-origin font loading</a>
+      </ul>
     </ul>
 
    <li><a href="#font-matching-algorithm"><span class=secno>5 </span>Font
@@ -2666,6 +2673,9 @@
   <h3 id=same-origin-restriction><span class=secno>4.8 </span>Same-origin
    restriction for fonts</h3>
 
+  <h4 id=default-same-origin-restriction><span class=secno>4.8.1
+   </span>Default same-origin restriction</h4>
+
   <p>User agents must implement a same-origin restriction when loading fonts
    via the @font-face mechanism. This restriction limits the loading of fonts
    for a given document to fonts loaded from the same origin. Fonts can only
@@ -2678,6 +2688,12 @@
    whether a font is same origin or not, only the origin of the containing
    document is used. The restriction applies to all font types.
 
+  <p class=issue>Some implementers would prefer to define a new mechanism
+   (tentatively named From-Origin) to control access to all resource types,
+   in preference to the origin matching algorithm referred to here. As such,
+   this subsection should be considered at risk for alteration if such an
+   alternative mechanism is defined.
+
   <p>Given a document located at http://example.com/page.html, fonts defined
    with ‘<code class=property><a href="#descdef-src">src</a></code>’
    definitions considered cross origin must not be loaded:
@@ -2694,20 +2710,20 @@
 src: url(http://another.example.com/fonts/simple.ttf); 
 </pre>
 
+  <h4 id=allowing-cross-origin-font-loading><span class=secno>4.8.2
+   </span>Allowing cross-origin font loading</h4>
+
   <p>User agents must also implement the ability to relax this restriction
    using cross-site origin controls <a href="#CORS"
    rel=biblioentry>[CORS]<!--{{!CORS}}--></a>. Sites can explicitly allow
    cross-site downloading of font data using the
    <code>Access-Control-Allow-Origin</code> HTTP header.
 
-  <p class=issue>Some implementers feel a same-origin restriction should be
-   the default for all new resource types, including fonts, while others feel
-   strongly that an opt-in strategy usable for all resource types would be a
-   better mechanism and that the default should always be to allow
-   cross-origin linking for consistency with existing resource types (e.g.
-   script, images). As such, this subsection should be considered at risk for
-   removal or alteration if the consensus is to use an alternative mechanism.
-   
+  <p class=issue>If an alternative mechanism to control resource loading
+   (such as the suggested From-Origin HTTP header) is specified, the
+   appropriate mechanism to relax the default same-origin restriction for
+   @font-face may also change. As such, this subsection should be considered
+   at risk for alteration if such an alternative mechanism is defined.
 
   <h2 id=font-matching-algorithm><span class=secno>5 </span>Font matching
    algorithm</h2>
Received on Thursday, 28 April 2011 07:26:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 28 April 2011 07:26:57 GMT