W3C home > Mailing lists > Public > public-webfonts-wg@w3.org > April 2010

Re: About using CORS (was: Re: WebFonts WG Kick-off)

From: Chris Lilley <chris@w3.org>
Date: Mon, 26 Apr 2010 12:37:03 +0200
Message-ID: <1557625461.20100426123703@w3.org>
To: "Anne van Kesteren" <annevk@opera.com>
CC: public-webfonts-wg@w3.org
On Monday, April 26, 2010, 9:16:25 AM, Anne wrote:

AvK> Christopher Slye wrote:
>> Is there an argument to be made _against_ requiring SOR?

AvK> If by SOR you mean CORS 

No. SOR means Single Origin Restriction and is being used correctly here by Christopher.

AvK> CORS is meant to lift restrictions that unless otherwise in place would be
AvK> privacy problems. 

Privacy is one reason to widen the Single Origin Restriction. There can be other reasons. For example, a licensed user of a font may deploy content on several domains that they own (or rather, one single domain whose domain names would not be considered a single domain in terms of SOR).

AvK> Fonts do not need these restrictions. 

Indeed? A number of font licenses say otherwise and require the licensed user of the font to take 'reasonable precautions' to prevent access to the font from sites other than the one licensed to use it. SAOR is a common means to enable this.

AvK> There is no privacy leak when I use
AvK> a font from another server on my own.

Privacy is not the concern here. 

AvK> If we are concerned with bandwidth usage we should have something that
AvK> also works for <img>, <video>, etc, not just for fonts.

Bandwidth is not the concern here either.


-- 
 Chris Lilley                    mailto:chris@w3.org
 Technical Director, Interaction Domain
 W3C Graphics Activity Lead
 Co-Chair, W3C Hypertext CG
Received on Monday, 26 April 2010 10:37:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 26 April 2010 10:37:13 GMT