W3C home > Mailing lists > Public > www-style@w3.org > June 2011

RE: css3-fonts: should not dictate usage policy with respect to origin

From: Levantovsky, Vladimir <Vladimir.Levantovsky@MonotypeImaging.com>
Date: Wed, 22 Jun 2011 01:34:44 -0400
To: Florian Rivoal <florianr@opera.com>, John Daggett <jdaggett@mozilla.com>
CC: Jonathan Kew <jonathan@jfkew.plus.com>, Tab Atkins Jr. <jackalmage@gmail.com>, John Hudson <tiro@tiro.com>, W3C Style <www-style@w3.org>, 3668 FONT <public-webfonts-wg@w3.org>, "www-font@w3.org" <www-font@w3.org>, Glenn Adams <glenn@skynav.com>, Martin J. Dürst <duerst@it.aoyama.ac.jp>
Message-ID: <7534F85A589E654EB1E44E5CFDC19E3D0BE3D0E99D@wob-email-01.agfamonotype.org>
On Wednesday, June 22, 2011 12:06 AM Florian Rivoal wrote:
> I agree the proposals are not that far apart if you only consider
> fonts,
> but there is a little more in favor of From-Origin than purity of
> essence.
> It is a more generic mechanism.

Yes, I agree - From-Origin is a more generic mechanism.

> If we only fix it for fonts, blocking
> by default and allowing to opt out is sane. But if we have a generic
> mechanism that applies to any kinds of resources, allow access and
> allow opt-in restriction is a better default.
> Also, the information leak problem is definitely not unique to fonts,
> and I would find it a shame to pass on a good opportunity to introduce
> a generic mechanism that can solve it for everybody.

This goes back to our discussion about consistency. There is nothing that would preclude us from having different defaults introduced for backward compatibility (where absence of From-Origin header would be considered as "From-Origin=any", and for everything else including fonts where absence of the header would be treated as "From-Origin=same"

This would offer the best of both worlds solution - a generic mechanism that is backward compatible and works with all existing resource types, and also the one that requires no extra work for the majority of authors.


Received on Wednesday, 22 June 2011 05:35:23 UTC

This archive was generated by hypermail 2.3.1 : Monday, 2 May 2016 14:38:47 UTC