Re: New work on fonts at W3C

From: "Anne van Kesteren" <annevk@opera.com>
Sent: Saturday, June 20, 2009 1:55 PM
To: <robert@ocallahan.org>
Cc: "Brad Kemper" <brad.kemper@gmail.com>; "John Daggett"
<jdaggett@mozilla.com>; <www-style@w3.org>
Subject: Re: New work on fonts at W3C

> On Sat, 20 Jun 2009 13:26:19 +0200, Robert O'Callahan
> <robert@ocallahan.org> wrote:
>> On Sat, Jun 20, 2009 at 10:29 PM, Anne van Kesteren
>> <annevk@opera.com>wrote:
>>> I'm not sure we should have cross-origin restrictions on font loading
>>> though. Mozilla implemented this, but it seems really inconsistent with
>>> similar APIs, e.g. <img> and <script>
>>
>> If we could have cross-origin restrictions on <img> and <script> without
>> breaking the Web, we would.
>
> My point is that since we do not have cross-origin restrictions for all
> those various other ways to load resources cross-origin (<link>, <script>,
> <img>, <video>, <audio>, <form>, <svg:image>, 'content',
> 'background-image', 'list-style-image', 'cursor', and probably more) it
> does not make sense to impose such a restriction here.

Fully agree. Except if the site provide a X-Allow-... header. If such an
header is present, urls that don't match the criteria should not be
allowed to acceed to the ressource. This simple principe could be
applied on the whole web without having problem with old content,
that doens't contains the header.

It would be a similar system that what is already done with the
XMLHttpRequest object, except that if no header is present, the
ressource (font, image, video) can be used while whit XHR no
header means no autorisation.

What do you think of it ?

> -- 
> Anne van Kesteren
> http://annevankesteren.nl/
> 

Received on Saturday, 20 June 2009 19:48:05 UTC