Re: css3-fonts: should not dictate usage policy with respect to origin

Glenn Adams wrote:

> To follow-up on this a bit more, it would be acceptable to include
> the basic intent expressed by section 4.8 if it were replaced with
> the following text:
> 
> "If a user agent that makes normative use of this specification
> includes a same-origin policy, then that policy, and the mechanisms
> it uses to enforce that policy should apply to the loading of fonts
> via the @font-face mechanism."
> 
> Even here, I am reticent to use the word "must" and instead use
> "should", since a UA implementer that employs cross-origin
> constraints should still be free to use this mechanism without
> necessarily using the same constraints.

Given that some form of origin restriction, either a same origin
restriction with CORS to relax it or an explicitly specified
restriction using the proposed From-Origin header, fundamentally
affects the @font-face mechanism I don't think it makes sense for this
to be considered "optional" behavior like this.  To do so is
effectively to not implement it, since authors couldn't rely on it
working across users agents.

I think the CSS3 Fonts spec either needs to define this behavior
explicitly or it needs to explicitly exclude this behavior.  I think
there's a loose agreement among implementors regarding what would work
and we should try and conclude that discussion.  Pushing it to another
spec is just spec ballet, a way to dance around the issue a little
longer without resolving anything.

I'm sure there will be those who object no matter what the resolution,
this has been a contentious issue from the beginning of the discussion
of this feature three years ago (and even longer if you include past
discussions).  But even in the face of these objections I don't see a
reason not to attempt to resolve these issues, even if the consensus
is loose at best.

Regards,

John Daggett
Mozilla Japan
CSS3 Fonts editor

Received on Wednesday, 22 June 2011 03:06:46 UTC