- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 04 May 2010 14:57:00 +0900
- To: "Robert O'Callahan" <robert@ocallahan.org>
- Cc: "John Hudson" <tiro@tiro.com>, "Sylvain Galineau" <sylvaing@microsoft.com>, www-font@w3.org
On Tue, 04 May 2010 14:09:01 +0900, Robert O'Callahan <robert@ocallahan.org> wrote: > I think all you can say is that imposing a same-origin check when not > needed to control information leakage is inconsistent with past practice > for other resource types. IMHO that's a pretty weak argument if there > are good > benefits to be obtained by imposing it. I understand that. My personal opinion is that is important and not weak at all, but I cannot quite capture it in words. Quite surprised to hear that authors actually complained about not being able to link video files cross-origin. Did not expect that. I wonder if fonts have reached enough critical mass yet that sites with special servers for static resources and content distribution networks etc. have started using them. Would be interesting to know what they think. They might not like it for instance if stripping of some headers by an intermediary renders the site in some horrible fallback font. It seems same-origin licensing requirements would also be a problem for these sites. The WOFF implementation that landed in Chromium does not use CORS by the way. -- Anne van Kesteren http://annevankesteren.nl/
Received on Tuesday, 4 May 2010 05:57:49 UTC