[whatwg] New work on fonts at W3C

Anne van Kesteren wrote:
> On Sat, 20 Jun 2009 17:07:06 +0200, Brad Kemper <brad.kemper at gmail.com>
> wrote:
>> I didn't mean it should be restricted by default. Just that CORS could
>> restrict it like anything else if you told it to. And that the font
>> could instruct the CORS mechanism.
> 
> That's not how CORS works. CORS is not about restricting at all. It is
> about lifting cross-origin restrictions if any are present. If there are
> no restrictions to start with (which I think makes sense for consistency
> as I pointed out though it seems not everyone agrees) CORS cannot impose
> any.

Perhaps CORS could further defined to use following rules:

1) without CORS same-origin restrictions may or may not apply depending
on the resource type or user agent (with XHR it does apply, with IMG SRC
attribute it does not apply)

2) with CORS, the same-origin restrictions always apply and in addition
to same-origin, any entity listed in CORS may use the resource

This way CORS could be expanded to apply to XML, CSS, images, videos and
font files.

This would change to status of CORS somewhat - it would still only allow
lifting cross-origin restrictions but a mere presence of it would
suggest to user agent that same-origin checks should be done.

If enough user agents started following the hints given with CORS it
could be used as a pseudo-restriction (I would consider this a label and
fence as used in this font discussion.)

-- 
Mikko

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090622/a1d08128/attachment.pgp>

Received on Monday, 22 June 2009 04:12:27 UTC