Håkon Wium Lie wrote: > Same-origin restrictions (SOR), by way of CORS, is described in > the current WOFF WD. As we have seen on this list, the use of > CORS is seeing some resistance in the web community. I believe > it's in the interest of this WG to try address the concerns > raised. I think this is a confusing way of describing the issue with same-origin restrictions on fonts. CORS is a mechanism for *relaxing* a same origin restriction, it's not a mechanism to *enforce* a same origin restriction. I think there are two separate issues here: 1. What should be the default load behavior for cross-origin font requests? 2. How can authors modify the default behavior? The existing same-origin restriction for WOFF is that by default cross-origin font requests aren't loaded but that this behavior can be modified by authors using the CORS mechanism. What Anne is proposing is that by default cross-origin font requests *are* loaded, just as images and scripts are loaded. But authors can restrict cross-site usage of *any* resource type by adding an appropriate 'From-Origin' header. The default load behavior is the real issue here, the mechanism for relaxing/tightening this is more interesting mechanics. As both Dave and Sylvain have pointed out, removing the default load restriction on cross-origin font resources means that authors would always need to change response header settings to satisfy common licensing requirements for commercial fonts. If cross-origin fonts are restricted by default they wouldn't need to do this. Note that it's also possible to have cross-origin font resources restricted by default *and* allow other types to be restricted via something like Anne's 'From-Origin' mechanism. I'm quite sure Anne doesn't like that though. ;) It would be good to get a clear response from Apple as to what their position is and the reasoning behind it. Regards, John Daggett cc: AnneReceived on Thursday, 10 February 2011 04:39:44 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:04:24 UTC