W3C home > Mailing lists > Public > www-style@w3.org > June 2009

Re: New work on fonts at W3C

From: Brad Kemper <brad.kemper@gmail.com>
Date: Tue, 23 Jun 2009 07:28:32 -0700
Cc: Mikko Rantalainen <mikko.rantalainen@peda.net>, "www-style@w3.org" <www-style@w3.org>, whatwg@whatwg.org
Message-Id: <E81BBE3B-EE3F-4B6A-AE73-281226799353@gmail.com>
To: Aryeh Gregor <Simetrical+w3c@gmail.com>

On Jun 22, 2009, at 1:15 PM, Aryeh Gregor wrote:

> On Mon, Jun 22, 2009 at 10:43 AM, Brad Kemper<brad.kemper@gmail.com>  
> wrote:
>> This makes sense to me. I was surprised and found it counter- 
>> intuitive to
>> learn that CORS could be used to list the servers that are allowed  
>> access,
>> but could not and would not restrict access to servers not on that  
>> list. Why
>> not? If the header was added to an image file, it would seem to be  
>> a clear
>> indication of what servers were allowed access or not.
> Consider the following scenario:
> 1) Site A hotlinks images from site B
> 2) Firefox 3.5 implements CORS in a way that allows sites to deny
> cross-origin requests of images
> 3) Site B's webmaster hears about this and says "Great, I can stop
> hotlinking!" and uses it

As should be his right. There are some current methods available, but  
they are cumbersome and heavy handed.

> 4) User of site A upgrades to Firefox 3.5, images suddenly break.
> User gets annoyed and concludes Firefox 3.5 is broken, and switches
> back to Firefox 3.0 or to a competing browser.

If site A is using site B's images against the wishes of site A, then  
it will probably be broken often anyway, because when site B finds out  
about it, he will change the names or locations of the files, and  
replace the old ones with pictures to embarrass the content thief.  
People who frequent sites that are stealing other people's  
intellectual property should really expect those sites to have problems.

Is market share so important that it must serve the needs of the  
shadiest of operations at the expense of mainstream society? Do  
software publishers really want their UA's to become known as the  
browser that allows flagrant copyright violation if other UAs don't?  
Your reputation is colored by the company you choose to associate with  
the most.

> I believe that's the major rationale for not permitting cross-origin
> restrictions on existing media types.  The only way this could work is
> if *all* browsers agreed to implement it all at once, and it would
> still seriously annoy a lot of users/cause them to delay
> upgrading/etc.,

The only people it would annoy would be the subclass that are going to  
irrefutable sites that illegitimately use the fruits of other people's  
labors in order to profit or gain for themselves.

> which none of the browser vendors want to do.
Received on Tuesday, 23 June 2009 14:29:16 UTC

This archive was generated by hypermail 2.3.1 : Monday, 2 May 2016 14:38:27 UTC