W3C home > Mailing lists > Public > www-style@w3.org > June 2009

Re: New work on fonts at W3C

From: Brad Kemper <brad.kemper@gmail.com>
Date: Sat, 20 Jun 2009 10:05:23 -0700
Cc: Anne van Kesteren <annevk@opera.com>, John Daggett <jdaggett@mozilla.com>, www-style@w3.org
Message-Id: <6CEC761A-A989-438E-9F05-6CAFCDBC79B7@gmail.com>
To: robert@ocallahan.org

On Jun 20, 2009, at 5:15 AM, Robert O'Callahan wrote:

> On Sat, Jun 20, 2009 at 11:55 PM, Anne van Kesteren  
> <annevk@opera.com> wrote:
> On Sat, 20 Jun 2009 13:26:19 +0200, Robert O'Callahan <robert@ocallahan.org 
> > wrote:
> On Sat, Jun 20, 2009 at 10:29 PM, Anne van Kesteren  
> <annevk@opera.com>wrote:
> I'm not sure we should have cross-origin restrictions on font loading
> though. Mozilla implemented this, but it seems really inconsistent  
> with
> similar APIs, e.g. <img> and <script>
>
> If we could have cross-origin restrictions on <img> and <script>  
> without
> breaking the Web, we would.
>
> My point is that since we do not have cross-origin restrictions for  
> all those various other ways to load resources cross-origin (<link>,  
> <script>, <img>, <video>, <audio>, <form>, <svg:image>, 'content',  
> 'background-image', 'list-style-image', 'cursor', and probably more)  
> it does not make sense to impose such a restriction here.
>
> I don't think it's valuable to be consistent with a model that is  
> fundamentally insecure and deprives authors of control over who uses  
> their resources.
>

It is valuable to have a single standard for how cross-origin  
restrictions are handled, whether for images, scripts, fonts, or  
anything else, and that's what CORS is. 
Received on Saturday, 20 June 2009 17:06:05 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 17:20:18 GMT