- From: David Kuettel <kuettel@google.com>
- Date: Tue, 4 Mar 2014 08:47:34 -0800
- To: "Levantovsky, Vladimir" <Vladimir.Levantovsky@monotype.com>
- Cc: Sergey Malkin <sergeym@microsoft.com>, "public-webfonts-wg@w3.org" <public-webfonts-wg@w3.org>
- Message-ID: <CAAYUqgErPAxEftXgcwcTyGrZGHx-04xUQsFt-vACZifJ8e2LqA@mail.gmail.com>
Thank you Vlad, the background is most helpful. I have passed this on to the team. On Tue, Mar 4, 2014 at 8:37 AM, Levantovsky, Vladimir < Vladimir.Levantovsky@monotype.com> wrote: > Hi David, all, > > > > CORS and (IMO, even more important) same-origin restriction have been, as > Sergey mentioned, a significant part of the early WOFF 1.0 discussions - as > a result the importance of doing this was understood to be universal to all > web fonts and not just those delivered in WOFF format. Hence, the > requirement was moved from WOFF specification to CSS Font Module and (as > Sergey said) is a MUST. > > > > I'd like to add that I believe the same-origin restriction, designed to > prevent deep linking and hijacking of bandwidth and resources (I remember > Sylvain once characterized this as "death by thousands cuts", which is very > appropriate and telling) isn't so much a tool for font IP protection, but > most importantly is one of the fundamental agreements we reached as a > group, so in essence - same-origin restriction and CORS as a mechanism to > relax it are "life-saving" web technologies and according to the spec MUST > be supported by all user agents. I would strongly support elevating the > priority of the Chrome bug and fixing it ASAP by adding SOR and CORS > support to reinforce the spirit of collaboration that the WG has > demonstrated while discussing this particular component of the spec. > > > > Thank you, > > Vlad > > > > > > *From:* David Kuettel [mailto:kuettel@google.com] > *Sent:* Monday, March 03, 2014 8:49 PM > > *To:* Sergey Malkin > *Cc:* public-webfonts-wg@w3.org > *Subject:* Re: CORS support font font loading in different browsers > > > > > > On Sat, Mar 1, 2014 at 11:16 AM, Sergey Malkin <sergeym@microsoft.com> > wrote: > > Hello David, > > > > Did you hear back from Chrome team? Same origin restriction is probably > most important mechanism of protecting font IP on the Web, but it doesn't > work if it is not working in one of the most used user agents. > > > > Kenji-san found the following tracking bug for CORS support in Chrome: > > https://code.google.com/p/chromium/issues/detail?id=28668 > > > > This would be a great one to vote for (by staring) as I just did. > > > > Thank you Sergey! > > > > Thanks, > > Sergey > > > > *From:* David Kuettel <kuettel@google.com> > *Sent:* Friday, February 21, 2014 6:47 PM > *To:* Sergey Malkin <sergeym@microsoft.com> > *Cc:* public-webfonts-wg@w3.org > > > > Hello Sergey, > > > > On Fri, Feb 21, 2014 at 4:30 PM, Sergey Malkin <sergeym@microsoft.com> > wrote: > > Hi, > > I checked CORS support for @font-face font download in different browsers. > It appears like IE and Firefox apply CORS, but Chrome doesn't (I only had > Windows desktop versions). Is this correct or am I missing something? > > > > That is my understanding of the current behavior as well. > > > If yes, what are the plans for Chrome/WebKit/Blink to implement it, for > different platforms? Requirement to apply CORS is MUST in CSS Fonts spec > and as I remember Chrome team(Tab?) was not opposed to doing this two years > ago. > > > > Let me check and see... > > > > Thank you, > > David > > > Thanks, > Sergey > > P.S. What www-fonts@w3.org list is used for? > > > > > > >
Received on Tuesday, 4 March 2014 16:48:23 UTC