W3C home > Mailing lists > Public > www-font@w3.org > July to September 2009

RE: same-origin restrictions and EULA (Re: A way forward)

From: Sylvain Galineau <sylvaing@microsoft.com>
Date: Sat, 25 Jul 2009 16:10:44 +0000
To: Chris Fynn <cfynn@gmx.net>, www-font <www-font@w3.org>
Message-ID: <045A765940533D4CA4933A4A7E32597E02101DE9@TK5EX14MBXC120.redmond.corp.microsoft.com>
>From: Chris Fynn [mailto:cfynn@gmx.net]
>Sent: Saturday, July 25, 2009 1:41 AM
>To: www-font
>Cc: Sylvain Galineau
>Subject: same-origin restrictions and EULA (Re: A way forward)
>If same origin restrictions are enforced by the UA how can an EULA
>reasonably require them? Surely web authors cannot be held responsible
>for how particular browsers accessing their sites happen to behave in
>this regard. Or is the server supposed to check each time which UA is
>accessing the site and only serve web fonts to those it knows enforce
>same-origin restrictions?

One of the features that made EOT attractive to font vendors in the past
was rootstrings. They're essentially a hardcoded same-origin policy embedded
in the file. If the new format does not have rootstrings it is fair to ask
whether the EULA will require same-origin to be enforced in another way.

If it does, then the EOT-Lite may have a problem since a) the files have
a null rootstring and b) the IE installed base (the reach of which makes
EOT-Lite relatively attractive in the short/medium) term would thus not
do any same-origin check by default.

Received on Saturday, 25 July 2009 16:11:29 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:37:32 UTC