Re: [css3-webfonts] Downloaded fonts should not... from Brad Kemper on 2008-04-15 (www-style@w3.org from April 2008)

From: Brad Kemper <brkemper@comcast.net>
Date: Tue, 15 Apr 2008 09:51:49 -0700
To: Patrick Garies <pgaries@fastmail.us>
Cc: www-style@w3.org
Message-Id: <86A98EA9-64B7-46E9-8CED-0F448BDA6272@comcast.net>

On Apr 15, 2008, at 9:17 AM, Patrick Garies wrote:

>
> Brad Kemper wrote:
>> Cross-domain fonts would save a lot of downloading if there was a way
>> to ensure that it was the exact same font, without having to download
>> it twice. Also, what exactly qualifies as cross-domain? If I have
>> www.mydomain.com <http://www.mydomain.com> with a downloadable font,
>> will my users have to download the font again in order to use it at
>> ordering.mydomain.com? Sometimes third level domains are all
>> controlled by the same entities, sometimes not.
>
> Brad, what I meant was that a font should not be cached and then  
> accessible by name reference only (i.e., without an |@font-face|  
> rule) even within an application (i.e., a UA). When I think about it  
> more carefully, this isn’t a cross‐domain issue at all since name  
> only references should not work even within a domain; it seems that  
> I misspoke.
>
> In other words, I shouldn’t be able to use |@font-face { src: url("http://www.example.org/font.t 
> tf") /* ExampleFont */; }|, have ExampleFont cached, and then access  
> ExampleFont on some page without an |@font-face| rule as if it had  
> been installed on the OS.

I see. So, for instance, you would want to prevent someone from, say,  
associating helvetica or arial with a downloadable font full of  
company logos or pornographic cartoons, etc. That seems wise, but it  
still means the exact same (popular) font might end up being  
downloaded multiple times from every site that uses it. Anyone know if  
Webkit works that way? I would prefer if it could be downloaded once  
and then used from any page with an @font-face specifying the same  
font name, provided there could be some sort of quick check that it  
was the exact same font (digital signatures or something, perhaps).

> Caching shouldn’t be an issue here as long as the font is always  
> referenced at the same URI.

Which in turn means that I will need a separate version for my https  
site than for my http site, right? Otherwise the browser might display  
some sort of warning about mixed security on the page if I have the  
http URI on the https page, right? Any way around that?

I suppose if IE was the only one to display those annoying alerts  
(that most people ignore but some people are alarmed by), then it  
wouldn't matter much, since MS seems to be against supporting font  
downloads that are not in their EOT format anyway. Or would IE display  
the alert anyway, even though it wouldn't load the font? I wouldn't  
presume that IE would suppress the alert when it didn't matter; that  
would probably make too much sense, and I've long ago given up on IE  
having reasonable, logical, predictable behavior.

>
>
> — Patrick Garies
>
>

Received on Tuesday, 15 April 2008 16:52:28 UTC