Re: [css3-fonts] wording of font fetching algorithm

Anne van Kesteren wrote:

> What I am saying, is that the following requirement:
> 
> # For font loads, user agents must use the potentially CORS-enabled
> # fetch method defined by the [HTML5] specification for URL's
> # defined within @font-face rules. When fetching, user agents must
> # use "Anonymous" mode, set the referrer source to the stylesheet's
> # URL and set the origin to the URL of the containing document.
> 
> Is the only relevant requirement. That specifies what happens both for
> same-origin and cross-origin. So saying that there's a same-origin
> restriction does not make any sense. Saying that it's relaxed does not
> make sense either. It's superfluous and wrong.

We've had a *lot* of discussion of this section, the fact that fonts
are basically same-origin restricted with CORS to relax is simply a
way of emphasizing what the definition of "potentially CORS-enabled
fetch method" with "Anonymous" mode implies.  Superfluous, maybe, but
I don't see why you would label this as "wrong".  I think it's
important to keep the wording explicit here, given all the
back-and-forth about this.

> So the only paragraph in all of section 4.9 that should remain is that
> paragraph. Even the example in 4.9.1 is wrong as it suggests no
> loading happens whereas the paragraph in 4.9.2 requires it to happen
> (and it will only fail if the relevant headers are missing in the
> response).

So you're saying the examples are wrong because the loading would be
allowed if the CORS headers in the response allow it?  I don't think
"fonts aren't loaded" implies that requests aren't issued.

I guess I don't agree with removing all the same-origin restriction
wording but I'm fine with restructuring the wording to say that it's
simply what's implied by the fetch algorithm with the given parameters
and fix up whatever imprecision exists in the current wording.

Regards,

John Daggett

Received on Thursday, 15 August 2013 01:31:32 UTC