Re: New work on fonts at W3C from Brad Kemper on 2009-06-20 (www-style@w3.org from June 2009)

From: Brad Kemper <brad.kemper@gmail.com>
Date: Sat, 20 Jun 2009 08:07:06 -0700
To: Anne van Kesteren <annevk@opera.com>
Cc: John Daggett <jdaggett@mozilla.com>, "www-style@w3.org" <www-style@w3.org>
Message-Id: <F189BE43-93B2-4BD2-9069-AE1199DAB93F@gmail.com>

On Jun 20, 2009, at 3:29 AM, "Anne van Kesteren" <annevk@opera.com>  
wrote:

> On Fri, 19 Jun 2009 18:16:14 +0200, Brad Kemper  
> <brad.kemper@gmail.com> wrote:
>> Doesn't CORS have to deal with all that anyway? At some point, in  
>> order
>> to make CORS versions of root strings work (as per the current  
>> working
>> draft[2]), someone has to enter a list of "source origin strings"
>> somewhere for each resource you want to restrict, and then the server
>> needs to look at that list in order to know how to set the HTTP  
>> headers.
>> I'm just suggesting that the server could look at the list in the  
>> font
>> itself in order to automatically set the list that CORS uses for that
>> font.
>
> I'm not sure we should have cross-origin restrictions on font  
> loading though. Mozilla implemented this, but it seems really  
> inconsistent with similar APIs, e.g. <img> and <script>, or, to  
> stick with CSS, 'list-style-image' and friends.

I didn't mean it should be restricted by default. Just that CORS could  
restrict it like anything else if you told it to. And that the font  
could instruct the CORS mechanism.

I could well imagine buying a font license that restricted me to  
making it available on a limited number of domains and/or servers (a  
number I agreed to at time of purchase or upgrade). If so, then I  
would not have a problem with a field of text somewhere within the  
font itself that told the CORS server plug-in what those domins and/or  
servers were, as long as this could be set and changed easily.

Thus, I might buy the license to use the font on three domains and up  
to four servers on one of those domains, but maybe I don't add the  
third or fourth server until later, or maybe I upgrade the license to  
ten servers. I want to be able to use a simple software program  
(authored by anyone without restriction) to make this change to the  
text in the font that my CORS server plug-in would look at.

>
>> 2.
>> http://www.w3.org/TR/access-control/#access-control-allow-origin-response-hea

Received on Saturday, 20 June 2009 15:07:48 UTC