Re: [csswg-drafts] [css-fonts][css-fonts-4] CSS Fonts 4 needs a proper Security and Privacy Considerations section (#4697) from Chris Lilley via GitHub on 2020-01-24 (public-css-archive@w3.org from January 2020)

From: Chris Lilley via GitHub <sysbot+gh@w3.org>
Date: Fri, 24 Jan 2020 10:11:24 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-578068478-1579860682-sysbot+gh@w3.org>

@snyderp I have written these before, so in this instance maybe it is better if I do the first draft and you (and other privacy experts, and security experts) review that text.

Looking through CSS Fonts 4 just now, I realized that at minimum [Font fetching requirements](https://drafts.csswg.org/css-fonts-4/#font-fetching-requirements) (which mandates CORS and thus forbids cross-origin webfont requests that are not CORS-enabled) needs to be noted.

-- 
GitHub Notification of comment by svgeesus
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/4697#issuecomment-578068478 using your GitHub account

Received on Friday, 24 January 2020 10:11:25 UTC