- From: Chris Lilley <chris@w3.org>
- Date: Fri, 25 Mar 2011 18:42:51 +0100
- To: WOFF Working Group <public-webfonts-wg@w3.org>
Hello, There is a new published draft of CSS3 Fonts http://www.w3.org/TR/2011/WD-css3-fonts-20110324/ among the changes, the same Origin Restriction (SOR) has moved from being an informative appendix to being normative. http://www.w3.org/TR/2011/WD-css3-fonts-20110324/#same-origin-restriction However, it does not require SOR; it just defines what that means when it is implemented: "Some user agents implement a same-origin restriction when loading font resources. This section defines the meaning of that restriction." Relaxing SOR via CORS is defined. The alternative of allowing uniform referencing and enforcing SOR through CORER [1] is not defined in CSS3 Fonts; probably because CORER is a proposal to the WebApps WG and has not been accepted as a work item or published as a WG deliverable. These is a marked issue in CSS3 Fonts: "Some implementers feel a same-origin restriction should be the default for all new resource types while others feel strongly that an opt-in strategy usuable for all resource types would be a better mechanism and that the default should always be to allow cross-origin linking for consistency with existing resource types (e.g. script, images). As such, this section should be considered at risk for removal if the consensus is to use an alternative mechanism. " [1] Cross-Origin Resource Embedding Restrictions Editor's Draft 28 February 2011 http://dvcs.w3.org/hg/from-origin/raw-file/tip/Overview.html Tracker, this relates to ACTION-77: Propose at-risk wording -- Chris Lilley Technical Director, Interaction Domain W3C Graphics Activity Lead, Fonts Activity Lead Co-Chair, W3C Hypertext CG Member, CSS, WebFonts, SVG Working Groups
Received on Friday, 25 March 2011 17:42:55 UTC