RE: SOR: CORS or From-Origin?

On Wednesday, February 16, 2011 2:32 PM Maciej Stachowiak wrote:
> 
> Previously, it was argued that CORS to opt into sharing is a low
> burden, since adding a fixed request header is much easier than
> checking an incoming response header. If it is indeed easy for content
> authors to add fixed response headers (and I do believe that is the
> case), then it is not an undue burden to do this to restrict font
> hotlinking. 

I guess we should also take into consideration how often something would have to be done, and the level of knowledge and skills of the person doing it. I agree that adding a fixed response header would be considered a low burden for a small number of professional, highly-skilled web developers who may have a need to relax SOR restriction. However, requiring the same to be done by *everyone* to put SOR in place seems like a much higher burden.

Regards,
Vlad

Received on Wednesday, 16 February 2011 20:45:46 UTC