Re: WOFF without same origin restriction in Opera? from Behdad Esfahbod on 2011-01-26 (public-webfonts-wg@w3.org from January 2011)

From: Behdad Esfahbod <behdad@google.com>
Date: Wed, 26 Jan 2011 13:37:45 -0500
To: Sylvain Galineau <sylvaing@microsoft.com>
Cc: John Hudson <tiro@tiro.com>, WOFF Working Group <public-webfonts-wg@w3.org>
Message-ID: <AANLkTi=JVr6v=EpUH_daCLMwommag85xgH+OYc1eUxkY@mail.gmail.com>

On Wed, Jan 26, 2011 at 1:16 PM, Sylvain Galineau <sylvaing@microsoft.com>wrote:

>  It doesn’t always work and requires work on the part of the web site to
> implement it (not all sites do referrer checking for their images, or all
> their images). Having the browser enforce same-origin by default requires
> zero work on the site’s behalf to comply with the most common web font
> license requirement today.
>
>
>
> But if some browsers choose to ignore this requirement then web sites may
> have to implement Referrer checks for those browsers anyway. It’s unclear
> why we should be making their lives harder than they need to be, or how it
> helps web typography adoption.
>
> It must be noted that other solutions were proposed before WOFF; one of
> them was judged inadequate in part because it would have relied on
> unreliable and cumbersome Referrer checks.
>

So, in trying to solve the fonts-on-the-web problem, the WG decided that the
current solutions are inadequate for the foundries, and invented an
architecture that the foundries think is what they want, but left the rest
of the world scratching their head trying to get it work on the web?  As in,
now anyone who want to share their fonts either has to not use WOFF, or be
bothered to implement CORS on their server...

Unimpressed,
behdad



>
>
> *From:* public-webfonts-wg-request@w3.org [mailto:
> public-webfonts-wg-request@w3.org] *On Behalf Of *Behdad Esfahbod
> *Sent:* Wednesday, January 26, 2011 9:50 AM
> *To:* John Hudson
> *Cc:* WOFF Working Group
> *Subject:* Re: WOFF without same origin restriction in Opera?
>
>
>
> On Tue, Jan 25, 2011 at 12:44 PM, John Hudson <tiro@tiro.com> wrote:
>
>
>
> Opera have had plenty of opportunity to make a formal objection to SOR in
> the WOFF specification. We're at last call for comments and they have not
> done so. Håkon made no objection at the face-to-face in Lyon. Maybe someone
> at Opera thinks they can do an end run by producing an implementation that
> ignores this MUST clause, but I think they're just going to end up being
> non-conformant. Maybe they'd listen to one of their own customers who wants
> to protect an investment in a font asset?
>
>
>
> What's wrong with protecting one's assets by instructing the server to only
> serve certain Referrer's?  People have been doing that for images for ages.
>
>
>
> behdad
>
>
>
>
>
>
> JH
>
>

Received on Wednesday, 26 January 2011 18:38:35 UTC