- From: Cameron McCormack via GitHub <sysbot+gh@w3.org>
- Date: Sun, 17 Dec 2017 00:34:50 +0000
- To: public-css-archive@w3.org
heycam has just created a new issue for https://github.com/w3c/csswg-drafts: == [css-font-loading] unclear how CSP interacts with font loads == I think we need to make clear that loads initiated by `FontFace` objects are affected by CSP font-src directives. The right way to do this is probably by using the Fetch algorithm in the spec. We also need to clarify which window is used to perform the CSP check, when multiple windows are involved. For example, if a `FontFace` is created in an outer window, added to the `FontFaceSet` in an iframe, and then layout or a `load()` call on the `FontFaceSet` in that iframe's window happens, do we use the CSP directives from the outer window or the iframe? Using the Fetch algorithm would probably fix this too. Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/2113 using your GitHub account
Received on Sunday, 17 December 2017 00:34:52 UTC