- From: Sylvain Galineau <sylvaing@microsoft.com>
- Date: Sat, 25 Jul 2009 16:10:44 +0000
- To: Chris Fynn <cfynn@gmx.net>, www-font <www-font@w3.org>
>From: Chris Fynn [mailto:cfynn@gmx.net] >Sent: Saturday, July 25, 2009 1:41 AM >To: www-font >Cc: Sylvain Galineau >Subject: same-origin restrictions and EULA (Re: A way forward) > > >If same origin restrictions are enforced by the UA how can an EULA >reasonably require them? Surely web authors cannot be held responsible >for how particular browsers accessing their sites happen to behave in >this regard. Or is the server supposed to check each time which UA is >accessing the site and only serve web fonts to those it knows enforce >same-origin restrictions? One of the features that made EOT attractive to font vendors in the past was rootstrings. They're essentially a hardcoded same-origin policy embedded in the file. If the new format does not have rootstrings it is fair to ask whether the EULA will require same-origin to be enforced in another way. If it does, then the EOT-Lite may have a problem since a) the files have a null rootstring and b) the IE installed base (the reach of which makes EOT-Lite relatively attractive in the short/medium) term would thus not do any same-origin check by default.
Received on Saturday, 25 July 2009 16:11:29 UTC