From: www-font-request@w3.org [mailto:www-font-request@w3.org] On Behalf Of Robert O'Callahan
Sent: Friday, July 24, 2009 5:55 PM
To: Sylvain Galineau
Cc: John Daggett; www-font
Subject: Re: A way forward
On Sat, Jul 25, 2009 at 9:43 AM, Sylvain Galineau <sylvaing@microsoft.com> wrote:
If the EULA requires same-origin restrictions, then Firefox is the only browser
that can implement EOT-Lite and comply with this EULA in the very near term.
Are font vendors willing to license fonts for use in the EOT-Lite format and with no requirement for same-origin restrictions?
If they are, I'm surprised.
If they're not, then EOT-Lite isn't very useful, since serving non-free fonts to IE users (its great advantage) will require burdensome and fragile Referer checking.
I believe there is a simple work-around to resolve this problem. Root string in EOT-Lite does not have to be empty, it may contain the domain name of the origin that will simply be ignored by all other browsers except IE. When EOT-Lite is processed by Firefox and other browsers – the root string is ignored and same origin restriction is applied. For legacy IE browsers – the root string will serve the same purpose of same origin restriction and, therefore, no need to require Referrer checking.
Vladimir
Rob
--
"He was pierced for our transgressions, he was crushed for our iniquities; the punishment that brought us peace was upon him, and by his wounds we are healed. We all, like sheep, have gone astray, each of us has turned to his own way; and the LORD has laid on him the iniquity of us all." [Isaiah 53:5-6]