On Monday, May 18, 2009, 10:09:13 PM, Anne wrote: AvK> On Tue, 12 May 2009 16:07:59 +0200, Chris Lilley <chris@w3.org> wrote: >> Some fonts are licensed to a specific site or domain. EOT provides one >> way to indicate this in the font itself. Cross Origin Resource Sharing >> (CORS, previously known as Access Control) is a W3C specification which >> may also be used to indicate this [7]. Mozilla Firefox restricts >> downloadable OpenType fonts to those permitted by CORS. >> There may be other ways to indicate metadata, so that foundries and font >> licensees may indicate the nature of their agreement. >> [7] http://www.w3.org/TR/access-control/ AvK> Just to be clear: CORS is not about license enforcement. Right, its about allowing resources from one domain to be used from another, if they would otherwise be disallowed due to security policies. AvK> It is about AvK> alleviating the same-origin policy in certain scenarios. (Whether the AvK> same-origin policy should apply for fonts at all is something I'm not sure AvK> about.) I didn't express an opinion on whether it *should be* only that at least one implementation *does* currently impose a same-origin policy for webfonts, and does allow CORS to be used to widen that policy. -- Chris Lilley mailto:chris@w3.org Technical Director, Interaction Domain W3C Graphics Activity Lead Co-Chair, W3C Hypertext CGReceived on Monday, 25 May 2009 16:51:15 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 18:16:14 GMT