- From: Chris Lilley via GitHub <sysbot+gh@w3.org>
- Date: Mon, 05 Oct 2020 12:05:19 +0000
- To: public-css-archive@w3.org
> Do you envision any special treatment of these requests by content security policy? Currently, CSS accesses external resources such as fonts, images, color profiles via the `url()` function. We have discussed specifying a similar but more full-featured function, (tentatively called `src()`)which is CORS-aware and usable with CSP, plus some other improvements like usabiity with string concatenation. This would provide a consistent improvement for all external resources referenced from CSS, rather than solving it multiple times: - [[css-values] Define crossorigin, preload and async URL modifiers](https://github.com/w3c/csswg-drafts/issues/1603) - [[css-values][all] Define all URL usages in terms of Fetch](https://github.com/w3c/csswg-drafts/issues/562) - [[css-font-loading] unclear how CSP interacts with font loads](https://github.com/w3c/csswg-drafts/issues/2113) - [[css-fonts-3] [css-fonts-4] Font fetching in anonymous mode makes it impossible to link to fonts behind authentication ](https://github.com/w3c/csswg-drafts/issues/3194) - [[css-values] Add url() alias that does not accept unquoted URLs](https://github.com/w3c/csswg-drafts/issues/541) So I guess the answer to your question is "we are working on that, and the solution will not be specific to color profiles" -- GitHub Notification of comment by svgeesus Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5552#issuecomment-703587843 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 5 October 2020 12:05:22 UTC