- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 01 Mar 2011 08:35:33 +0100
- To: "WebApps WG" <public-webapps@w3.org>
Hi, The WebFonts WG is looking for a way to prevent cross-origin embedding of fonts as certain font vendors want to license their fonts with such a restriction. Some people think CORS is appropriate for this, some don't. Here is some background material: http://weblogs.mozillazine.org/roc/archives/2011/02/distinguishing.html http://annevankesteren.nl/2011/02/web-platform-consistency http://lists.w3.org/Archives/Public/public-webfonts-wg/2011Feb/0066.html More generally, having a way to prevent cross-origin embedding of resources can be useful. In addition to license enforcement it can help with: * Bandwidth "theft" * Clickjacking * Privacy leakage To that effect I wrote up a draft that complements CORS. Rather than enabling sharing of resources, it allows for denying the sharing of resources: http://dvcs.w3.org/hg/from-origin/raw-file/tip/Overview.html And although it might end up being part of the Content Security Policy work I think it would be useful if publish a Working Draft of this work to gather more input, committing us nothing. What do you think? Kind regards, -- Anne van Kesteren http://annevankesteren.nl/
Received on Tuesday, 1 March 2011 07:36:08 UTC