Re: New work on fonts at W3C

On Fri, Jun 26, 2009 at 5:44 AM, Jonathan Kew <jonathan@jfkew.plus.com>wrote:

> On 25 Jun 2009, at 17:55, Aryeh Gregor wrote:
>
>  On Thu, Jun 25, 2009 at 12:43 PM, Levantovsky,
>> Vladimir<Vladimir.Levantovsky@monotypeimaging.com> wrote:
>>
>>> There are other ways to block font linking from other sites that do not
>>> require root strings or CORS
>>> (http://openfontlibrary.org/wiki/Blocking_drive-by_access).
>>>
>>
>> Referer-based methods are unreliable, and can block users of your own
>> site as well as letting through users of other sites.  Some software
>> will strip referer headers, or even change them.
>>
>
> So browsers that send incorrect headers would fail to work with linked
> fonts in this scenario? That seems like something browser vendors might be
> willing to fix.


The big problem is that some firewalls strip Referer headers because they
don't want to reveal URLs of internal pages. For example, if
https://intranet.mozilla.com/Orbital_Mind_Control_Lasers.html links to
http://www.nasa.gov, Mozilla might not want nasa.gov administrators to see
that URL in their Referer logs. So Referer is not really fixable.

Rob
-- 
"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
53:5-6]

Received on Thursday, 25 June 2009 22:23:18 UTC