Re: css3-fonts: should not dictate usage policy with respect to origin

On 20 Jun 2011, at 22:48, Glenn Adams wrote:

> A simple use case:
> 	• a font server in the cloud wishes to provide fonts for reference by arbitrary authors without restrictions on access;
> 	• a web page author creates a page that references that font and places the page on a server in a different domain;
> 	• the web page author expects that a UA will download the font and use it;
> 	• the web page author does not expect to have to configure its server to include the entity headers to relax same-origin restrictions;

It appears from this example that you have misunderstood how the same-origin policy operates.

The web page author in this scenario is _not_ responsible to configure anything in order to relax same-origin restrictions; indeed, as currently specified, the web page author is not _able_ to do so. It is the prerogative of the font server to determine whether or not the resources it serves may be used by arbitrary authors or are available only to specified sites. It is both the right and the responsibility of the webmaster configuring the font server - not the web page author - to configure this server appropriately.

JK

Received on Monday, 20 June 2011 22:06:16 UTC