W3C home > Mailing lists > Public > www-style@w3.org > June 2009

Re: New work on fonts at W3C

From: Brad Kemper <brad.kemper@gmail.com>
Date: Thu, 25 Jun 2009 20:37:54 -0700
Cc: Jonathan Kew <jonathan@jfkew.plus.com>, Aryeh Gregor <Simetrical+w3c@gmail.com>, www-style@w3.org
Message-Id: <03F18FDD-B948-4FE6-9D17-7DDC0308EF7D@gmail.com>
To: robert@ocallahan.org

On Jun 25, 2009, at 8:27 PM, Robert O'Callahan wrote:

> My understanding is that because of that problem, many firewalls are  
> configured to strip ALL Referer headers. So all users behind such a  
> firewall would be denied all fonts on servers that do Referer  
> checking.
>
> For a lot of site authors, this might be acceptable, or they might  
> send you a second-choice open license font instead. I wonder if it  
> would be acceptable to the font publishers. It would not be that  
> different from sites that block de-referred browsers from seeing  
> their images.
>
> Sure, it might be acceptable, but default same-origin checks plus  
> CORS are a better solution: more reliable, more privacy for users,  
> more convenient for authors.

I agree that CORS is a better way to exchange that sort of  
information, but I am less thrilled about the idea of same-origin  
checks for fonts. If CORS could actually deny access on its own to non- 
authorized sites for whatever assets we want, instead of having to  
paint the restrictions with such a broad brush (as Firefox is doing  
with fonts), it would solve even more problems (such as allowing a  
site to block  access to certain images from sites they don't  
authorize, but without necessarily blocking entire networks that strip  
referrer info).
Received on Friday, 26 June 2009 03:38:32 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 17:20:19 GMT