Re: Same-origin policies (Re: The other party in all this) from Aryeh Gregor on 2009-07-07 (www-font@w3.org from July to September 2009)

From: Aryeh Gregor <Simetrical+w3c@gmail.com>
Date: Tue, 7 Jul 2009 09:47:55 -0400
To: Bert Bos <bert@w3.org>
Cc: www-font@w3.org
Message-ID: <7c2a12e20907070647t76f3fcb7p7d57f3fb5230fc6@mail.gmail.com>

On Tue, Jul 7, 2009 at 5:44 AM, Bert Bos<bert@w3.org> wrote:
> "Ownership" isn't exactly the word I'm looking for, but the adoption of CORS
> to express licenses implies that the author of http://example.com/A  has a
> certain right over http://example.com/B (or vice versa, depending on which
> links to which).

As far as the license issues go, I'd say it only implies that this is
likely to be the case often enough to make it harder to hotlink fonts
in practice, so as to appease some of the font foundries.  Of course,
Mozilla requires same-origin restrictions anyway, partly for security.

> The Web architecture document[1] says that such inferences from URLs should
> not be made. Two URLs are either the same or different. There is nothing in
> between.
>
> [1] http://www.w3.org/TR/2004/REC-webarch-20041215/#uri-opacity

This is contradicted by same-origin restrictions in JavaScript and so
on, then, isn't it?  And by the design of cookies, and many HTML 5
features, etc.?

Received on Tuesday, 7 July 2009 13:48:57 UTC