RE: About using CORS

Dear all,

At the last conference call it was suggested (and agreed) to discuss access control (same-origin restriction and CORS). As our brief history shows, we could have a much more productive call if/when we conduct the preliminary discussions on the email list, and it would help greatly if we could have a proposed spec language addressing this particular subject before the call.

For your reference, a relevant discussion occurred earlier this year on www-style list when the draft of CSS3 Fonts Module was introduced by John Daggett [1], where the following comments were presented [2], [3].

I would like us to resume our discussion on this list with the purpose to propose and discuss a language we need to introduce in the WOFF specification to address the issue.

Thank you,
Vlad


[1] http://dev.w3.org/csswg/css3-fonts/#same-origin-restriction

[2] http://lists.w3.org/Archives/Public/www-style/2010Mar/0553.html

[3] http://lists.w3.org/Archives/Public/www-style/2010Apr/0070.html




> -----Original Message-----
> From: public-webfonts-wg-request@w3.org [mailto:public-webfonts-wg-
> request@w3.org] On Behalf Of John Hudson
> Sent: Monday, April 26, 2010 12:05 PM
> To: Anne van Kesteren
> Cc: public-webfonts-wg@w3.org; Robert O'Callahan
> Subject: Re: About using CORS (was: Re: WebFonts WG Kick-off)
> 
> Anne van Kesteren wrote:
> 
> > The same-origin policy exists for information leakage. Extending it
> to
> > cover something else just for fonts is a mistake in my opinion.
> 
> Information leakage only, or also exposure of digital IP assets? My
> clients are interested in serving their custom corporate fonts in a way
> that does not expose them to use by other parties, so for them
> same-origin restrictions are of interest in protecting these corporate
> assets in the same way as protecting corporate information.
> 
> John Hudson
> 

Received on Monday, 7 June 2010 20:26:31 UTC