- From: Chris Lilley <chris@w3.org>
- Date: Mon, 25 May 2009 18:50:45 +0200
- To: "Anne van Kesteren" <annevk@opera.com>
- CC: www-style@w3.org
On Monday, May 18, 2009, 10:09:13 PM, Anne wrote: AvK> On Tue, 12 May 2009 16:07:59 +0200, Chris Lilley <chris@w3.org> wrote: >> Some fonts are licensed to a specific site or domain. EOT provides one >> way to indicate this in the font itself. Cross Origin Resource Sharing >> (CORS, previously known as Access Control) is a W3C specification which >> may also be used to indicate this [7]. Mozilla Firefox restricts >> downloadable OpenType fonts to those permitted by CORS. >> There may be other ways to indicate metadata, so that foundries and font >> licensees may indicate the nature of their agreement. >> [7] http://www.w3.org/TR/access-control/ AvK> Just to be clear: CORS is not about license enforcement. Right, its about allowing resources from one domain to be used from another, if they would otherwise be disallowed due to security policies. AvK> It is about AvK> alleviating the same-origin policy in certain scenarios. (Whether the AvK> same-origin policy should apply for fonts at all is something I'm not sure AvK> about.) I didn't express an opinion on whether it *should be* only that at least one implementation *does* currently impose a same-origin policy for webfonts, and does allow CORS to be used to widen that policy. -- Chris Lilley mailto:chris@w3.org Technical Director, Interaction Domain W3C Graphics Activity Lead Co-Chair, W3C Hypertext CG
Received on Monday, 25 May 2009 16:51:15 UTC