Dear WG Chairs, W3C Staff contacts and WG members,
The WebFonts WG has recently published WOFF specification as W3C Candidate Recommendation. The specification flags two features as "at risk", both of them related to font loading behavior with default same-origin restriction and CORS as a mechanism to relax it when needed. The WebFonts WG believes that these features are best to be specified as part of the CSS3 Fonts module that defines font loading behavior. The most recent version of CSS3 Fonts WD contains section 4.8 that provides for default same-origin restriction and CORS, but they are also marked as "at risk" pending the resolution on the recent proposal to specify "From-Origin" HTTP header as an alternative mechanism to control the resource loading on the Web.
I would like to respectfully ask the chairs and the members of the CSS and WebApps working groups to allocate a time during the W3C TPAC week for a joint meeting with WebFonts WG to discuss the mechanisms for access control (CORS) and resource loading (From-Origin) to be able to determine the way forward and resolve the features at risk that are now parts of the CSS3 Fonts and WOFF specifications.
Thank you.
On behalf of the WebFonts WG,
Vladimir Levantovsky, WebFonts WG chair