RE: the discussion is over, resistance time

>-----Original Message-----
>From: Thomas Lord
>Well, let's recognize that there is a
>difference between a negotiation with a
>server about whether that server chooses
>to provide a font file and a restriction
>upon what a client program is permitted to
>do with a font file that is already in hand.
>Do you understand that difference?  We
>can talk about the significance of that
>difference if you have doubts about it but
>for starters - you see that distinction, right?

Same-origin checks are performed on the client, where the latter verifies the origin of a resource matches that of the context (usually document) requesting it.
There is no negotiation with a server involved, whether the origin domain is explicitly specified and embedded in the resource or implicitly assumed to be specified by that resource's URL.

So the server does not 'choose' anything. The author sets the rootstrings. The client verifies the rootstring is appropriate for the context in which the resource is being used.

So before you lecture me about the significance of any difference, we may want to agree on what 'same-origin check' means to you. Because I don't recognize it in your comment.

Received on Friday, 3 July 2009 00:34:11 UTC
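
The client-side check described in this message, sketched as an added JavaScript example that is not part of the original e-mail or of any browser's code. The function names, the sample URLs, and the reading of a rootstring as a URL prefix that the requesting document must fall under are assumptions made for illustration.

```javascript
// Added illustration: all names and URLs here are constructed.

// An origin is (scheme, host, port). The URL parser lower-cases the host
// and drops default ports, so "http://EXAMPLE.com:80" equals "http://example.com".
function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`;
}

// Implicit case: the resource's origin is taken from the URL it was loaded from.
function implicitOriginAllows(documentUrl, fontUrl) {
  return originOf(documentUrl) === originOf(fontUrl);
}

// Explicit case: the author embedded rootstrings in the resource itself.
// Assumption: a rootstring is a URL prefix covering the permitted documents.
function rootStringAllows(documentUrl, rootStrings) {
  const doc = new URL(documentUrl);
  return rootStrings.some((root) => {
    let r;
    try { r = new URL(root); } catch { return false; } // malformed: never matches
    if (originOf(root) !== originOf(documentUrl)) return false;
    // Match on a path-segment boundary so "/blog" does not cover "/blogger".
    const base = r.pathname.endsWith("/") ? r.pathname : r.pathname + "/";
    return doc.pathname === r.pathname || doc.pathname.startsWith(base);
  });
}

// The client makes the decision with data it already holds: the document URL,
// the font URL, and whatever rootstrings the author embedded. No server is asked.
function checkFontUse(documentUrl, font) {
  if (Array.isArray(font.rootStrings) && font.rootStrings.length > 0) {
    return { basis: "rootstring", allowed: rootStringAllows(documentUrl, font.rootStrings) };
  }
  return { basis: "url-origin", allowed: implicitOriginAllows(documentUrl, font.url) };
}
```
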