W3C home > Mailing lists > Public > www-font@w3.org > July to September 2009

Re: Same-origin policies (Re: The other party in all this)

From: Aryeh Gregor <Simetrical+w3c@gmail.com>
Date: Tue, 7 Jul 2009 09:47:55 -0400
Message-ID: <7c2a12e20907070647t76f3fcb7p7d57f3fb5230fc6@mail.gmail.com>
To: Bert Bos <bert@w3.org>
Cc: www-font@w3.org
On Tue, Jul 7, 2009 at 5:44 AM, Bert Bos<bert@w3.org> wrote:
> "Ownership" isn't exactly the word I'm looking for, but the adoption of CORS
> to express licenses implies that the author of http://example.com/A  has a
> certain right over http://example.com/B (or vice versa, depending on which
> links to which).

As far as the license issues go, I'd say it only implies that this is
likely to be the case often enough to make it harder to hotlink fonts
in practice, so as to appease some of the font foundries.  Of course,
Mozilla requires same-origin restrictions anyway, partly for security.

> The Web architecture document[1] says that such inferences from URLs should
> not be made. Two URLs are either the same or different. There is nothing in
> between.
> [1] http://www.w3.org/TR/2004/REC-webarch-20041215/#uri-opacity

This is contradicted by same-origin restrictions in JavaScript and so
on, then, isn't it?  And by the design of cookies, and many HTML 5
features, etc.?
Received on Tuesday, 7 July 2009 13:48:57 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:01:40 UTC