- From: Levantovsky, Vladimir <Vladimir.Levantovsky@monotype.com>
- Date: Tue, 4 Mar 2014 16:37:00 +0000
- To: David Kuettel <kuettel@google.com>, Sergey Malkin <sergeym@microsoft.com>
- CC: "public-webfonts-wg@w3.org" <public-webfonts-wg@w3.org>
- Message-ID: <79E5B05BFEBAF5418BCB714B43F4419935F79774@wob-mail-01>
Hi David, all, CORS and (IMO, even more important) same-origin restriction have been, as Sergey mentioned, a significant part of the early WOFF 1.0 discussions - as a result the importance of doing this was understood to be universal to all web fonts and not just those delivered in WOFF format. Hence, the requirement was moved from WOFF specification to CSS Font Module and (as Sergey said) is a MUST. I'd like to add that I believe the same-origin restriction, designed to prevent deep linking and hijacking of bandwidth and resources (I remember Sylvain once characterized this as "death by thousands cuts", which is very appropriate and telling) isn't so much a tool for font IP protection, but most importantly is one of the fundamental agreements we reached as a group, so in essence - same-origin restriction and CORS as a mechanism to relax it are "life-saving" web technologies and according to the spec MUST be supported by all user agents. I would strongly support elevating the priority of the Chrome bug and fixing it ASAP by adding SOR and CORS support to reinforce the spirit of collaboration that the WG has demonstrated while discussing this particular component of the spec. Thank you, Vlad From: David Kuettel [mailto:kuettel@google.com] Sent: Monday, March 03, 2014 8:49 PM To: Sergey Malkin Cc: public-webfonts-wg@w3.org Subject: Re: CORS support font font loading in different browsers On Sat, Mar 1, 2014 at 11:16 AM, Sergey Malkin <sergeym@microsoft.com<mailto:sergeym@microsoft.com>> wrote: Hello David, Did you hear back from Chrome team? Same origin restriction is probably most important mechanism of protecting font IP on the Web, but it doesn't work if it is not working in one of the most used user agents. Kenji-san found the following tracking bug for CORS support in Chrome: https://code.google.com/p/chromium/issues/detail?id=28668 This would be a great one to vote for (by staring) as I just did. Thank you Sergey! Thanks, Sergey From: David Kuettel<mailto:kuettel@google.com> Sent: Friday, February 21, 2014 6:47 PM To: Sergey Malkin<mailto:sergeym@microsoft.com> Cc: public-webfonts-wg@w3.org<mailto:public-webfonts-wg@w3.org> Hello Sergey, On Fri, Feb 21, 2014 at 4:30 PM, Sergey Malkin <sergeym@microsoft.com<mailto:sergeym@microsoft.com>> wrote: Hi, I checked CORS support for @font-face font download in different browsers. It appears like IE and Firefox apply CORS, but Chrome doesn't (I only had Windows desktop versions). Is this correct or am I missing something? That is my understanding of the current behavior as well. If yes, what are the plans for Chrome/WebKit/Blink to implement it, for different platforms? Requirement to apply CORS is MUST in CSS Fonts spec and as I remember Chrome team(Tab?) was not opposed to doing this two years ago. Let me check and see... Thank you, David Thanks, Sergey P.S. What www-fonts@w3.org<mailto:www-fonts@w3.org> list is used for?
Received on Tuesday, 4 March 2014 16:37:26 UTC