- From: Sylvain Galineau <sylvaing@microsoft.com>
- Date: Fri, 3 Jul 2009 00:33:29 +0000
- To: Thomas Lord <lord@emf.net>
- CC: luke whitmore <lwhitmore@gmail.com>, "www-font@w3.org" <www-font@w3.org>
>-----Original Message----- >From: Thomas Lord [mailto:lord@emf.net] >Well, let's recognize that there is a >difference between a negotiation with a >server about whether that server chooses >to provide a font file and a restriction >upon what a client program is permitted to >with a font file that is already in hand. > >Do you understand that difference? We >can talk about the significance of that >difference if you have doubts about it but >for starters - you see that distinction, right? Same-origin checks are performed on the client, where the latter verifies the origin of a resource matches that of the context (usually document) requesting it. There is no negotiation with a server involved, whether the origin domain is explicitly specified and embedded in the resource or implicitly assumed to be specified by that resource's URL. So the server does not 'choose' anything. The author sets the rootstrings. The client verifies the rootstring is appropriate for the context in which the resource is being used. So before you lecture me about the significance of any difference, we may want to agree on what 'same-origin check' means to you. Because I don't recognize it in your comment.
Received on Friday, 3 July 2009 00:34:11 UTC