W3C home > Mailing lists > Public > www-font@w3.org > July to September 2009

RE: the discussion is over, resistance time

From: Sylvain Galineau <sylvaing@microsoft.com>
Date: Fri, 3 Jul 2009 00:33:29 +0000
To: Thomas Lord <lord@emf.net>
CC: luke whitmore <lwhitmore@gmail.com>, "www-font@w3.org" <www-font@w3.org>
Message-ID: <045A765940533D4CA4933A4A7E32597E020BEFD9@TK5EX14MBXC111.redmond.corp.microsoft.com>
>-----Original Message-----
>From: Thomas Lord [mailto:lord@emf.net]
>Well, let's recognize that there is a
>difference between a negotiation with a
>server about whether that server chooses
>to provide a font file and a restriction
>upon what a client program is permitted to
>with a font file that is already in hand.
>
>Do you understand that difference?  We
>can talk about the significance of that
>difference if you have doubts about it but
>for starters - you see that distinction, right?

Same-origin checks are performed on the client, where the latter verifies the origin of a resource matches that of the context (usually document) requesting it.
There is no negotiation with a server involved, whether the origin domain is explicitly specified and embedded in the resource or implicitly assumed to be specified by
that resource's URL.

So the server does not 'choose' anything. The author sets the rootstrings. The client verifies the rootstring is appropriate for the context in which the resource
is being used.

So before you lecture me about the significance of any difference, we may want to agree on what 'same-origin check' means to you. Because I don't recognize it in your comment.
Received on Friday, 3 July 2009 00:34:11 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 11 June 2011 00:14:02 GMT