Re: New work on fonts at W3C

On Jun 20, 2009, at 5:15 AM, Robert O'Callahan wrote:

> On Sat, Jun 20, 2009 at 11:55 PM, Anne van Kesteren  
> <annevk@opera.com> wrote:
> On Sat, 20 Jun 2009 13:26:19 +0200, Robert O'Callahan <robert@ocallahan.org 
> > wrote:
> On Sat, Jun 20, 2009 at 10:29 PM, Anne van Kesteren  
> <annevk@opera.com>wrote:
> I'm not sure we should have cross-origin restrictions on font loading
> though. Mozilla implemented this, but it seems really inconsistent  
> with
> similar APIs, e.g. <img> and <script>
>
> If we could have cross-origin restrictions on <img> and <script>  
> without
> breaking the Web, we would.
>
> My point is that since we do not have cross-origin restrictions for  
> all those various other ways to load resources cross-origin (<link>,  
> <script>, <img>, <video>, <audio>, <form>, <svg:image>, 'content',  
> 'background-image', 'list-style-image', 'cursor', and probably more)  
> it does not make sense to impose such a restriction here.
>
> I don't think it's valuable to be consistent with a model that is  
> fundamentally insecure and deprives authors of control over who uses  
> their resources.
>

It is valuable to have a single standard for how cross-origin  
restrictions are handled, whether for images, scripts, fonts, or  
anything else, and that's what CORS is. 

Received on Saturday, 20 June 2009 17:06:05 UTC