W3C home > Mailing lists > Public > www-style@w3.org > May 2009

Re: New work on fonts at W3C

From: Chris Lilley <chris@w3.org>
Date: Mon, 25 May 2009 18:50:45 +0200
Message-ID: <889520947.20090525185045@w3.org>
To: "Anne van Kesteren" <annevk@opera.com>
CC: www-style@w3.org
On Monday, May 18, 2009, 10:09:13 PM, Anne wrote:

AvK> On Tue, 12 May 2009 16:07:59 +0200, Chris Lilley <chris@w3.org> wrote:
>> Some fonts are licensed to a specific site or domain. EOT provides one  
>> way to indicate this in the font itself. Cross Origin Resource Sharing  
>> (CORS, previously known as Access Control) is a W3C specification which  
>> may also be used to indicate this [7]. Mozilla Firefox restricts  
>> downloadable OpenType fonts to those permitted by CORS.
>> There may be other ways to indicate metadata, so that foundries and font  
>> licensees may indicate the nature of their agreement.

>> [7] http://www.w3.org/TR/access-control/

AvK> Just to be clear: CORS is not about license enforcement. 

Right, its about allowing resources from one domain to be used from another, if they would otherwise be disallowed due to security policies.

AvK> It is about  
AvK> alleviating the same-origin policy in certain scenarios. (Whether the
AvK> same-origin policy should apply for fonts at all is something I'm not sure
AvK> about.)

I didn't express an opinion on whether it *should be* only that at least one implementation *does* currently impose a same-origin policy for webfonts, and does allow CORS to be used to widen that policy.



-- 
 Chris Lilley                    mailto:chris@w3.org
 Technical Director, Interaction Domain
 W3C Graphics Activity Lead
 Co-Chair, W3C Hypertext CG
Received on Monday, 25 May 2009 16:51:15 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 17:20:18 GMT