- From: Håkon Wium Lie <howcome@opera.com>
- Date: Thu, 17 Feb 2011 10:58:31 +0100
- To: Maciej Stachowiak <mjs@apple.com>
- Cc: Chris Lilley <chris@w3.org>, "public-webfonts-wg@w3.org" <public-webfonts-wg@w3.org>
Maciej Stachowiak wrote:
> I believe there are three separate dimensions to the From-Origin
> proposal:
>
> (1) Define any embedding restrictions related to fonts as part of
> the CSS3 Fonts spec (the place where @font-face is defined) instead
> of as part of the WOFF file format spec, so the rules apply
> consistently to all fonts.
>
> (2) Instead of using CORS headers to change the defaults for
> allowing font embedding, use a proposed new mechanism for limiting
> hotlinking (From-Origin) that can apply to any resource type.
>
> (3) Change the default to be that cross-site font embedding is
> allowed (as opposed to presuming "From-Origin: same" in the absence
> of a From-Origin header for @font-face).
>
> I think that on the call, we had rough consensus on #1 and #2.
This is good.
> #3 still seems controversial. Most of those who spoke up on today's
> telecon believed that the default should still be to forbid
> cross-site font embedding by default. I personally disagreed and
> thought it was better to make fonts consistent with other resource
> types.
Yes, it seems better to not have resource-specific defaults.
-h&kon
Håkon Wium Lie CTO °þe®ª
howcome@opera.com http://people.opera.com/howcome
Received on Thursday, 17 February 2011 09:59:17 UTC