W3C home > Mailing lists > Public > public-webfonts-wg@w3.org > April 2010

Re: About using CORS

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 28 Apr 2010 14:17:43 +0900
To: "John Hudson" <tiro@tiro.com>
Cc: public-webfonts-wg@w3.org, "Robert O'Callahan" <robert@ocallahan.org>
Message-ID: <op.vbuwztu864w2qv@annevk-t60>
On Tue, 27 Apr 2010 01:04:37 +0900, John Hudson <tiro@tiro.com> wrote:
> Information leakage only, or also exposure of digital IP assets? My  
> clients are interested in serving their custom corporate fonts in a way  
> that does not expose them to use by other parties, so for them  
> same-origin restrictions are of interest in protecting these corporate  
> assets in the same way as protecting corporate information.

FWIW, I'm not opposed to adding a same-origin protection mechanism for  
resources, but I think it should not be limited to fonts. E.g. we could  
have

   From-Origin: same

or some such for resources which would mean that the resource can only be  
used if it is same-origin with the Document to which the resource is  
applied.


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Wednesday, 28 April 2010 05:18:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 28 April 2010 05:18:34 GMT