Re: About using CORS (was: Re: WebFonts WG Kick-off)

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 26 Apr 2010 20:55:12 +0900
To: public-webfonts-wg@w3.org, "Robert O'Callahan" <robert@ocallahan.org>
Message-ID: <op.vbrp2aui64w2qv@annevk-t60>

On Mon, 26 Apr 2010 19:28:38 +0900, Robert O'Callahan
<robert@ocallahan.org> wrote:
> Anne van Kesteren wrote:
>> CORS is meant to lift restrictions that unless otherwise in place would  
>> be privacy problems.
>
> I think the underlying issue here is whether font loads should apply a
> same-origin restriction by default. As far as I know, there's nothing in  
> the CORS spec that ties it to a particular *motivation* for same-origin
> restriction, or to particular resource types. CORS should be applicable  
> to any kind of same-origin restriction.

True, I don't agree with the motivation. There is nothing about fonts that  
warrants a different request policy compared to say images, script, or  
video. All can have specific license requirements or bandwidth issues one  
way or another.

The same-origin policy exists for information leakage. Extending it to  
cover something else just for fonts is a mistake in my opinion.


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Monday, 26 April 2010 11:55:55 GMT
