W3C home > Mailing lists > Public > www-font@w3.org > April to June 2010

Re: What constitutes protection [was: About using CORS]

From: Anne van Kesteren <annevk@opera.com>
Date: Tue, 04 May 2010 14:57:00 +0900
To: "Robert O'Callahan" <robert@ocallahan.org>
Cc: "John Hudson" <tiro@tiro.com>, "Sylvain Galineau" <sylvaing@microsoft.com>, www-font@w3.org
Message-ID: <op.vb52tabb64w2qv@annevk-t60>
On Tue, 04 May 2010 14:09:01 +0900, Robert O'Callahan  
<robert@ocallahan.org> wrote:
> I think all you can say is that imposing a same-origin check when not  
> needed to control information leakage is inconsistent with past practice  
> for other resource types. IMHO that's a pretty weak argument if there  
> are good
> benefits to be obtained by imposing it.

I understand that. My personal opinion is that is important and not weak  
at all, but I cannot quite capture it in words.

Quite surprised to hear that authors actually complained about not being  
able to link video files cross-origin. Did not expect that. I wonder if  
fonts have reached enough critical mass yet that sites with special  
servers for static resources and content distribution networks etc. have  
started using them. Would be interesting to know what they think. They  
might not like it for instance if stripping of some headers by an  
intermediary renders the site in some horrible fallback font. It seems  
same-origin licensing requirements would also be a problem for these sites.

The WOFF implementation that landed in Chromium does not use CORS by the  

Anne van Kesteren
Received on Tuesday, 4 May 2010 05:57:49 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:37:34 UTC