W3C home > Mailing lists > Public > public-webfonts-wg@w3.org > April 2010

Re: About using CORS

From: Christopher Slye <cslye@adobe.com>
Date: Tue, 27 Apr 2010 22:47:14 -0700
Message-ID: <F3731452-4B9A-4793-A2D7-47A5D4EF7A93@adobe.com>
To: <public-webfonts-wg@w3.org>

On Apr 27, 2010, at 9:51 PM, Anne van Kesteren wrote:

> A same-origin restriction by default does nothing to protect their custom
> corporate fonts.

Hmm. "Does nothing."

> The font can simply be downloaded and uploaded to a
> different server.

There. You just forced the user to do something unusual, something they wouldn't otherwise do -- and that has legal and moral significance.

I can leave my wallet on top of my car, or I can put it on the front seat with the doors unlocked. Just because it's still easy for someone to take my wallet doesn't mean that putting it in the car does nothing to protect it.

-Christopher
Received on Wednesday, 28 April 2010 05:47:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 28 April 2010 05:47:53 GMT