Re: About using CORS (was: Re: WebFonts WG Kick-off)

On Mon, 26 Apr 2010 19:28:38 +0900, Robert O'Callahan  
<robert@ocallahan.org> wrote:
> Anne van Kesteren wrote:
>> CORS is meant to lift restrictions that unless otherwise in place would  
>> be privacy problems.
>
> I think the underlying issue here is whether font loads should apply a
> same-origin restriction by default. As far as I know, there's nothing in  
> the CORS spec that ties it to a particular *motivation* for same-origin
> restriction, or to particular resource types. CORS should be applicable  
> to any kind of same-origin restriction.

True, I don't agree with the motivation. There is nothing about fonts that  
warrants a different request policy compared to say images, script, or  
video. All can have specific license requirements or bandwidth issues one  
way or another.

The same-origin policy exists for information leakage. Extending it to  
cover something else just for fonts is a mistake in my opinion.


-- 
Anne van Kesteren
http://annevankesteren.nl/

Received on Monday, 26 April 2010 11:55:55 UTC