- From: Robert O'Callahan <robert@ocallahan.org>
- Date: Fri, 26 Jun 2009 10:22:31 +1200
- To: Jonathan Kew <jonathan@jfkew.plus.com>
- Cc: Aryeh Gregor <Simetrical+w3c@gmail.com>, www-style@w3.org
- Message-ID: <11e306600906251522o5637752dxadd52346b060e78a@mail.gmail.com>
On Fri, Jun 26, 2009 at 5:44 AM, Jonathan Kew <jonathan@jfkew.plus.com> wrote:

> On 25 Jun 2009, at 17:55, Aryeh Gregor wrote:
>
>> On Thu, Jun 25, 2009 at 12:43 PM, Levantovsky, Vladimir
>> <Vladimir.Levantovsky@monotypeimaging.com> wrote:
>>
>>> There are other ways to block font linking from other sites that do not
>>> require root strings or CORS
>>> (http://openfontlibrary.org/wiki/Blocking_drive-by_access).
>>
>> Referer-based methods are unreliable, and can block users of your own
>> site as well as letting through users of other sites. Some software
>> will strip referer headers, or even change them.
>
> So browsers that send incorrect headers would fail to work with linked
> fonts in this scenario? That seems like something browser vendors might be
> willing to fix.

The big problem is that some firewalls strip Referer headers because they don't want to reveal URLs of internal pages. For example, if https://intranet.mozilla.com/Orbital_Mind_Control_Lasers.html links to http://www.nasa.gov, Mozilla might not want nasa.gov administrators to see that URL in their Referer logs. So Referer is not really fixable.

Rob

--
"He was pierced for our transgressions, he was crushed for our iniquities; the punishment that brought us peace was upon him, and by his wounds we are healed. We all, like sheep, have gone astray, each of us has turned to his own way; and the LORD has laid on him the iniquity of us all." [Isaiah 53:5-6]

Received on Thursday, 25 June 2009 22:23:18 UTC