Re: New work on fonts at W3C

On Jun 25, 2009, at 8:27 PM, Robert O'Callahan wrote:

> My understanding is that because of that problem, many firewalls are  
> configured to strip ALL Referer headers. So all users behind such a  
> firewall would be denied all fonts on servers that do Referer  
> checking.
>
> For a lot of site authors, this might be acceptable, or they might  
> send you a second-choice open license font instead. I wonder if it  
> would be acceptable to the font publishers. It would not be that  
> different from sites that block de-referred browsers from seeing  
> their images.
>
> Sure, it might be acceptable, but default same-origin checks plus  
> CORS are a better solution: more reliable, more privacy for users,  
> more convenient for authors.

I agree that CORS is a better way to exchange that sort of
information, but I am less thrilled about the idea of same-origin
checks for fonts. If CORS could actually deny access on its own to
non-authorized sites for whatever assets we want, instead of having to
paint the restrictions with such a broad brush (as Firefox is doing
with fonts), it would solve even more problems (such as allowing a
site to block access to certain images from sites they don't
authorize, but without necessarily blocking entire networks that strip
referrer info).

Received on Friday, 26 June 2009 03:38:32 UTC
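
The trade-off discussed in this message, as an added example that is not part of the original thread: a small model comparing a server-side Referer check with a browser-enforced same-origin check plus CORS, run over constructed requests. The hostnames, function names and the single-partner allow list are assumptions made for illustration.

```javascript
// Constructed model of the two access-control approaches discussed above.
// All hostnames are placeholders (assumptions), not values from the thread.
const SITE_ORIGIN = "https://site.example";       // hosts the pages and the font
const PARTNER_ORIGIN = "https://partner.example"; // licensed to use the font
const ALLOWED = [SITE_ORIGIN, PARTNER_ORIGIN];

// Approach A: server-side Referer check. The server sees only request headers,
// so a Referer stripped by a firewall is indistinguishable from a hotlink.
function refererCheck(requestHeaders) {
  const referer = requestHeaders["referer"];
  if (!referer) return false;
  try {
    return ALLOWED.includes(new URL(referer).origin);
  } catch {
    return false; // malformed Referer value
  }
}

// Approach B: default same-origin check plus CORS opt-in, enforced by the
// browser, which knows the embedding document's origin without any header.
const FONT_RESPONSE_HEADERS = { "access-control-allow-origin": PARTNER_ORIGIN };

function browserAllowsFont(documentOrigin, responseHeaders) {
  if (documentOrigin === SITE_ORIGIN) return true; // same origin as the font
  const acao = responseHeaders["access-control-allow-origin"];
  return acao === "*" || acao === documentOrigin;
}

// Constructed requests: who embeds the font, and what Referer reaches the server.
const CASES = [
  { name: "site page, Referer intact", documentOrigin: SITE_ORIGIN,
    headers: { referer: SITE_ORIGIN + "/article.html" } },
  { name: "site page, Referer stripped", documentOrigin: SITE_ORIGIN, headers: {} },
  { name: "partner page, Referer stripped", documentOrigin: PARTNER_ORIGIN, headers: {} },
  { name: "unauthorized page", documentOrigin: "https://other.example",
    headers: { referer: "https://other.example/index.html" } },
];

function evaluate() {
  return CASES.map((c) => ({
    name: c.name,
    refererCheck: refererCheck(c.headers),
    sameOriginPlusCors: browserAllowsFont(c.documentOrigin, FONT_RESPONSE_HEADERS),
  }));
}

console.table(evaluate());
```

The two approaches differ only on the rows where the Referer was stripped: the Referer check denies those authorized users, while the browser-side check still admits them and still refuses the unauthorized page.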