- From: John Daggett <jdaggett@mozilla.com>
- Date: Sun, 2 Aug 2009 20:15:55 -0700 (PDT)
- To: www-font <www-font@w3.org>
John Hudson wrote: > > It is clear, however, that if you only have the ability to upload files > > to a Web server, but you can't configure it to the level of examining > > Referer headers, then you won't be able to use Referer checking while > > you could still use rootstrings, however painful they might be in your > > workflow. It is also well-known that many firewalls strip Referer > > headers so users behind those firewalls will never see fonts controlled > > by Referer checking. That is why I think rootstrings would more > > attractive to authors than Referer checking. > > Aha. So the concern is not font vendors requiring rootstrings per se, > but authors preferring rootstrings as a method to meet more generally > phrased EULA requirements. Interesting. Not sure how you deduced this point. Root strings are clumsy but referrer checking is even more clumsy, both affect how EULAs are written in strange and interesting ways. > That said, I expect a great many web fonts commercially licensed from > font makers to contain URL data, either at the wrapper level in > something like .webfont, or in the font data itself in either a > private or to-be-standardised table regardless of the web font format. > Browsers won't be required to do anything with this information, of > course, and in the case of a font table won't even be aware that the > data is there (unrecognised font tables are ignorable). This > information may be required in the EULA, though, and provides a means > to check whether a font is being hotlinked from an unauthorised URL. I think you mean "to check whether an unlicensed font is being served". You don't need any special URL data in the wrapper or font data to check for cross-site usage. You would need it if you want to assure that siteA is not serving fonts licensed to siteB.
Received on Monday, 3 August 2009 03:16:37 UTC