W3C home > Mailing lists > Public > public-webfonts-wg@w3.org > February 2011

Re: SOR: CORS or From-Origin?

From: Tab Atkins <tabatkins@google.com>
Date: Thu, 10 Feb 2011 14:05:55 -0800
Message-ID: <AANLkTingzUTeQomno9AEqowXxLHwot0_8-iszRMCAC0d@mail.gmail.com>
To: Behdad Esfahbod <behdad@google.com>
Cc: liam@w3.org, public-webfonts-wg@w3.org
On Thu, Feb 10, 2011 at 1:51 PM, Behdad Esfahbod <behdad@google.com> wrote:
> On Thu, Feb 10, 2011 at 4:32 PM, Liam R E Quin <liam@w3.org> wrote:
>> On Thu, 2011-02-10 at 16:16 -0500, Behdad Esfahbod wrote:
>> > Given the discussion going on, I wonder, has it been considered to
>> > include a
>> > SOR flag in the WOFF file itself?
>> By the time you've got the font in order to check the flag, it's too
>> late for the server to refuse to send it, no?
> No.  This is exactly like the current proposed SOR, which is also
> client-side.  This is not about the server refusing to serve.  You can
> always download the font using "wget", and the current SOR mechanism would
> help there either.  It's about the font not working on other people's
> website.

You must be misunderstanding something in the proposal, because you're
incorrect here.

Applying SOR to all @font-face resources means that you can refuse to
request a resource altogether based on the url.  You don't ever have
to make the request at all.

Now, if SOR *only* applied to WOFF, and other font files like TTF
could be freely served cross-origin, then you'd be right.  Firefox and
IE apply SOR to everything coming through @font-face, though.

Received on Thursday, 10 February 2011 22:06:25 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:34:15 UTC