- From: Levantovsky, Vladimir <Vladimir.Levantovsky@monotype.com>
- Date: Wed, 5 Mar 2014 15:51:36 +0000
- To: Kenji Baheux <kenjibaheux@chromium.org>, "public-webfonts-wg@w3.org" <public-webfonts-wg@w3.org>
- Message-ID: <79E5B05BFEBAF5418BCB714B43F4419935F7D4E2@wob-mail-01>
Thank you Kenji,

I’d like to add that the subject of same-origin restriction and CORS has been (at some point in June 2011) discussed in detail across many email lists [1], and the decisions that were made as a result of that discussion had also been discussed during the joint meeting of W3C CSS, WebFonts and WebApps groups at TPAC 2011. It was generally agreed that same-origin restriction serves the best interests of the web server owners hosting any kind of resources that can be shared, and that the only way this solution can be effective is if all web browsers support it. (It was also mentioned that in hindsight SOR and CORS should have been developed and applied to the whole web much earlier, to prevent unauthorized deep linking for any type of resource including images, but it was also understood that making any retroactive changes would have been very damaging for the web because of the established expectations. This is why everybody has agreed that when a new web resource such as webfonts is introduced, having SOR and CORS in place from the beginning will establish proper expectations and behavior.)

This was the essence of the agreement we reached in 2011, and Google’s position on the subject played a significant role (see the excellent arguments for SOR that Tab Atkins made). I would really appreciate it if you could prioritize this fix - the popularity of the Chrome browser is unprecedented, and its behavior has become a de-facto standard for many web developers. Allowing cross-origin resource loading without a proper access control mechanism in place is damaging on multiple different levels, but the biggest threat is that it promotes a type of behavior that we all agreed should have been prevented in the first place.

Thank you,
Vlad

[1] http://lists.w3.org/Archives/Public/www-style/2011Jun/thread.html (look for the longest thread)

From: kenjibaheux@google.com [mailto:kenjibaheux@google.com] On Behalf Of Kenji Baheux
Sent: Wednesday, March 05, 2014 1:51 AM
To: public-webfonts-wg@w3.org
Subject: RE: CORS support font font loading in different browsers

Just to let you know that I am on the side of supporting this and hereby confirm that it's on the web font roadmap for Chrome/Blink. Unfortunately, I can't provide any ETA yet. You can show your interest by starring the bug (essentially a vote) so that it gets adequately prioritized when we decide on what we ought to work on next.

https://code.google.com/p/chromium/issues/detail?id=286681

Optionally, feel free to provide more context to demonstrate how much this is important for you on the bug (or keep discussing in this thread, if appropriate). Alternatively, you can email me if you can't comment publicly.

Best,
Received on Wednesday, 5 March 2014 15:52:03 UTC