- From: Brad Kemper <brkemper@comcast.net>
- Date: Tue, 15 Apr 2008 09:51:49 -0700
- To: Patrick Garies <pgaries@fastmail.us>
- Cc: www-style@w3.org
On Apr 15, 2008, at 9:17 AM, Patrick Garies wrote: > > Brad Kemper wrote: >> Cross-domain fonts would save a lot of downloading if there was a way >> to ensure that it was the exact same font, without having to download >> it twice. Also, what exactly qualifies as cross-domain? If I have >> www.mydomain.com <http://www.mydomain.com> with a downloadable font, >> will my users have to download the font again in order to use it at >> ordering.mydomain.com? Sometimes third level domains are all >> controlled by the same entities, sometimes not. > > Brad, what I meant was that a font should not be cached and then > accessible by name reference only (i.e., without an |@font-face| > rule) even within an application (i.e., a UA). When I think about it > more carefully, this isn’t a cross‐domain issue at all since name > only references should not work even within a domain; it seems that > I misspoke. > > In other words, I shouldn’t be able to use |@font-face { src: url("http://www.example.org/font.t > tf") /* ExampleFont */; }|, have ExampleFont cached, and then access > ExampleFont on some page without an |@font-face| rule as if it had > been installed on the OS. I see. So, for instance, you would want to prevent someone from, say, associating helvetica or arial with a downloadable font full of company logos or pornographic cartoons, etc. That seems wise, but it still means the exact same (popular) font might end up being downloaded multiple times from every site that uses it. Anyone know if Webkit works that way? I would prefer if it could be downloaded once and then used from any page with an @font-face specifying the same font name, provided there could be some sort of quick check that it was the exact same font (digital signatures or something, perhaps). > Caching shouldn’t be an issue here as long as the font is always > referenced at the same URI. Which in turn means that I will need a separate version for my https site than for my http site, right? Otherwise the browser might display some sort of warning about mixed security on the page if I have the http URI on the https page, right? Any way around that? I suppose if IE was the only one to display those annoying alerts (that most people ignore but some people are alarmed by), then it wouldn't matter much, since MS seems to be against supporting font downloads that are not in their EOT format anyway. Or would IE display the alert anyway, even though it wouldn't load the font? I wouldn't presume that IE would suppress the alert when it didn't matter; that would probably make too much sense, and I've long ago given up on IE having reasonable, logical, predictable behavior. > > > — Patrick Garies > >
Received on Tuesday, 15 April 2008 16:52:28 UTC