[csswg-drafts] [css-font-loading] unclear how CSP interacts with font loads from Cameron McCormack via GitHub on 2017-12-17 (public-css-archive@w3.org from December 2017)

From: Cameron McCormack via GitHub <sysbot+gh@w3.org>
Date: Sun, 17 Dec 2017 00:34:50 +0000
To: public-css-archive@w3.org
Message-ID: <issues.opened-282660598-1513470889-sysbot+gh@w3.org>

heycam has just created a new issue for https://github.com/w3c/csswg-drafts:

== [css-font-loading] unclear how CSP interacts with font loads ==
I think we need to make clear that loads initiated by `FontFace` objects are affected by CSP font-src directives.  The right way to do this is probably by using the Fetch algorithm in the spec.

We also need to clarify which window is used to perform the CSP check, when multiple windows are involved.  For example, if a `FontFace` is created in an outer window, added to the `FontFaceSet` in an iframe, and then layout or a `load()` call on the `FontFaceSet` in that iframe's window happens, do we use the CSP directives from the outer window or the iframe?  Using the Fetch algorithm would probably fix this too.

Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/2113 using your GitHub account

Received on Sunday, 17 December 2017 00:34:52 UTC