- From: Chris Lilley <chris@w3.org>
- Date: Thu, 3 Mar 2011 23:07:28 +0100
- To: "WebFonts WG" <public-webfonts-wg@w3.org>
Hello WebFonts WG, Here is my proposed text for the 'at risk' wording. First as plain text, for email readability then the same thing marked up for the document. Both editorial notes are of the form 'if CSS3 Fonts adds it, we will remove ours". At the end of the 'status of this document' section, add: This document identifies two features as being at risk: the default Same Origin Restriction (SOR) and the mechanism used to relax the SOR, Cross Origin Resource Sharing (CORS). Split the first paragraph of 'General Requirements' so that SOR and CORS are in separate paragraphs: containing document is used. <- split here -> User agents MUST also After the new first paragraph, about SOR, add an editorial note: Feature at risk: The WebFonts WG believes that the default Same-Origin restriction would be better applied to all fonts referenced from @font-face, rather than one specific format. Therefore, if CSS3 Fonts adds a normative requirement for a Same-Origin restriction,the WebFonts WG will drop it from the WOFF specification and instead refer to CSS3 Fonts. After the second paragraph, about CORS, add a second editorial note: Feature at risk: The WebFonts WG suspects that the From-Origin header may be a better way to infer a default Same-Origin for fonts, and the same mechanism can also be used to relax the restriction to allow font sharing across domains. Therefore, once CSS3 Fonts mandates a mechanism, WebFonts WG will drop the requirement to use CORS from this specification. ===================================================== end of SOTD <p>This document identifies two features as being <p> <a href="http://www.w3.org/2005/10/Process-20051014/tr.html#cfi">at risk</a>: the <a href="#atrisk-SOR">default Same Origin Restriction (SOR)</a> and the <a href="#atrisk-CORS">mechanism used to relax the SOR, Cross Origin Resource Sharing (CORS)</a>.</p> replacement for entire first para of General Requirements <p>The primary purpose of the WOFF format is to package fonts linked to Web documents by means of CSS <tt>@font-face</tt> rules. <span class="conform ua" id="conform-same-origin">When using such fonts, user agents MUST implement a 'same-origin restriction' on the downloading of WOFF files using the same-origin matching algorithm described in the HTML5 specification</span> ([<cite><a href="#ref-HTML5">HTML5</a> <a href="http://www.w3.org/TR/html5/origin-0.html#origin-0">Section 5.3: Origin</a></cite>]). <span class="conform ua" id="conform-doc-origin">The origin of the stylesheet containing <tt>@font-face</tt> declarations is not used when deciding whether a WOFF file is same-origin or not, only the origin of containing document is used</span>.</p> <p class="ednote">Feature at risk: The WebFonts WG believes that the default Same-Origin restriction would be better applied to all fonts referenced from <tt>@font-face</tt>, rather than one specific format. Therefore, if CSS3 Fonts [<cite><a href="#ref-CSS3-Fonts">CSS3-Fonts</a></cite>]adds a normative requirement for a Same-Origin restriction,the WebFonts WG will drop it from the WOFF specification and instead refer to CSS3 Fonts.</p> <p><span class="conform ua" id="conform-cors">User agents MUST also implement the ability to relax this restriction using Cross-Origin Resource Sharing</span> [<cite><a href="#ref-CORS">CORS</a></cite>]. Thus, sites can explicitly allow cross-site downloading of WOFF files using the <tt>Access-Control-Allow-Origin</tt> HTTP header.</p> <p class="ednote">Feature at risk: The WebFonts WG suspects that the From-Origin header may be a better way to infer a default Same-Origin for fonts, and the same mechanism can also be used to relax the restriction to allow font sharing across domains. Therefore, once CSS3 Fonts [<cite><a href="#ref-CSS3-Fonts">CSS3-Fonts</a></cite>] mandates a mechanism, WebFonts WG will drop the requirement to use CORS from this specification.</p> -- Chris Lilley Technical Director, Interaction Domain W3C Graphics Activity Lead, Fonts Activity Lead Co-Chair, W3C Hypertext CG Member, CSS, WebFonts, SVG Working Groups
Received on Thursday, 3 March 2011 22:07:26 UTC