W3C home > Mailing lists > Public > public-webfonts-wg@w3.org > February 2011

Re: SOR: CORS or From-Origin?

From: Behdad Esfahbod <behdad@google.com>
Date: Thu, 10 Feb 2011 17:17:13 -0500
Message-ID: <AANLkTinGupP4j35RSe8NW-zZz1MO72+V6y1CZ+EYo5TV@mail.gmail.com>
To: Tab Atkins <tabatkins@google.com>
Cc: liam@w3.org, public-webfonts-wg@w3.org
On Thu, Feb 10, 2011 at 5:05 PM, Tab Atkins <tabatkins@google.com> wrote:

> On Thu, Feb 10, 2011 at 1:51 PM, Behdad Esfahbod <behdad@google.com>
> wrote:
> > On Thu, Feb 10, 2011 at 4:32 PM, Liam R E Quin <liam@w3.org> wrote:
> >>
> >> On Thu, 2011-02-10 at 16:16 -0500, Behdad Esfahbod wrote:
> >> > Given the discussion going on, I wonder, has it been considered to
> >> > include a
> >> > SOR flag in the WOFF file itself?
> >>
> >> By the time you've got the font in order to check the flag, it's too
> >> late for the server to refuse to send it, no?
> >
> > No.  This is exactly like the current proposed SOR, which is also
> > client-side.  This is not about the server refusing to serve.  You can
> > always download the font using "wget", and the current SOR mechanism
> would
> > help there either.  It's about the font not working on other people's
> > website.
>
> You must be misunderstanding something in the proposal, because you're
> incorrect here.
>

Ok, let me correct myself: what I propose is *functionally* equivalent to
the current SOR.  In that in both cases, another domain linking to the font
will NOT work.  In both cases, people can download the font still, because
SOR does not restrict the server from serving.

behdad



> Applying SOR to all @font-face resources means that you can refuse to
> request a resource altogether based on the url.  You don't ever have
> to make the request at all.
>
> Now, if SOR *only* applied to WOFF, and other font files like TTF
> could be freely served cross-origin, then you'd be right.  Firefox and
> IE apply SOR to everything coming through @font-face, though.
>
> ~TJ
>
Received on Thursday, 10 February 2011 22:18:04 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 10 February 2011 22:18:05 GMT