Re: SOR: CORS or From-Origin?

On Feb 10, 2011, at 15:56 , Levantovsky, Vladimir wrote:

> 
> I think this could be a very good alternative to CORS. "From Origin" header would work exactly as proposed if present. However, the default behavior can be specified by the WOFF spec that in absence of "From Origin" header must be treated as if "From Origin: same" is set. In my admittedly 'under-educated' opinion, this would resolve all the concerns that Håkon and Anne had presented (i.e. the same "From Origin" header can be used with any other media type "without causing havoc"), and the only difference is that the alternative default behavior is specified by WOFF spec.
> 
> As Håkon said, if "From Origin" can be spec'ed quickly, this might be the way to eliminate the dependency on CORS.
> 
> Comments?

I think there may be some opposition to a type-specific rule (e.g. "for files with the type WOFF"), and some discussion of the alternative link-specific rule ("for files linked from CSS font-face").  My understanding is that at least some of the current implementations of CORS/SOR are in fact, not type-specific but link-specific.

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Friday, 11 February 2011 00:08:35 UTC