- From: Anne van Kesteren <annevk@opera.com>
- Date: Mon, 26 Apr 2010 20:55:12 +0900
- To: public-webfonts-wg@w3.org, "Robert O'Callahan" <robert@ocallahan.org>
On Mon, 26 Apr 2010 19:28:38 +0900, Robert O'Callahan <robert@ocallahan.org> wrote: > Anne van Kesteren wrote: >> CORS is meant to lift restrictions that unless otherwise in place would >> be privacy problems. > > I think the underlying issue here is whether font loads should apply a > same-origin restriction by default. As far as I know, there's nothing in > the CORS spec that ties it to a particular *motivation* for same-origin > restriction, or to particular resource types. CORS should be applicable > to any kind of same-origin restriction. True, I don't agree with the motivation. There is nothing about fonts that warrants a different request policy compared to say images, script, or video. All can have specific license requirements or bandwidth issues one way or another. The same-origin policy exists for information leakage. Extending it to cover something else just for fonts is a mistake in my opinion. -- Anne van Kesteren http://annevankesteren.nl/
Received on Monday, 26 April 2010 11:55:55 UTC