W3C home > Mailing lists > Public > www-style@w3.org > April 2015

Re: Font MIME types

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 3 Apr 2015 17:57:00 +0200
Message-ID: <CADnb78gQo5rDaBz7_eHJmfprXr09RQLo2ZD2FTSOjHAschbQFA@mail.gmail.com>
To: Zack Weinberg <zackw@panix.com>
Cc: "www-style@w3.org" <www-style@w3.org>
On Fri, Apr 3, 2015 at 5:53 PM, Zack Weinberg <zackw@panix.com> wrote:
> I researched this back in 2011
> <https://www.owlfolio.org/htmletc/strawman-mime-type-for-fonts/>.  At
> that time the only officially registered MIME type for a font format
> was "application/font-tdpfr", corresponding to an obsolete format that
> has never been implemented by any browser to my knowledge.  The IANA
> registry now also includes application/font-sfnt and
> application/font-woff, but I doubt either of them has significant
> traction.  In 2011, types being used (completely unofficially) for
> fonts included application/octet-stream, application/ttf,
> application/otf, application/truetype, application/opentype,
> application/woff, application/eot, all of the above with an x-prefix,
> and all of the above in font/ instead of application/, with or without
> the x-.  I did not check whether Content-Type headers that specified a
> particular format were accurate.
> All the font formats that browsers actually support are unambiguously
> identifiable by their in-band metadata ("magic numbers" and the like)
> and it is therefore my opinion that, like images, font formats SHOULD
> be identified using that metadata, *not* any out-of-band declaration
> (in other words, browsers SHOULD continue to ignore the MIME type for
> fonts).

Sure, and I have done this when we introduced @font-face (and failed
to register font/ :-/), but that's not really the question. E.g. we
don't check MIME types for <script> either, but with
X-Content-Type-Options: nosniff we do. So the question is what is the
list of MIME types we want to whitelist for font use when that header
is specified.

Received on Friday, 3 April 2015 15:57:24 UTC

This archive was generated by hypermail 2.3.1 : Monday, 2 May 2016 14:39:30 UTC