Re: fyi: Cross-Origin Resource Embedding Restrictions

On Tuesday, March 1, 2011, 8:06:23 PM, Jonathan wrote:

JR> Interesting.  Until now the browser has been a user-agent, acting on
JR> the user's behalf. This is true even when CORS is added. If I
JR> understand it correctly, this proposal enlists the browser as a
JR> server-agent as well, rather like DRM.

No, it is explicitly not "like DRM".

Its unfortunate that Anne chose to associate this with "license enforcement" (see quote below). WOFF has explicitly avoided any suggestion of "enforcement".

Instead it provides information, such as details of the license.

If someone is using a font outside its license, or for which they do not have a license but should, that is entirely the domain of the legal system between the font producer and the person using it. The user agent is not required to act on behalf of the legal system.

However, many licenses for webfonts require that a font licensed for a particular website be restricted to use on that site, on a reasonable-effort rather than cast-iron-guarantee sense. From-Origin provides a way to announce that intent.

It is neither prevention nor enforcement, however. wget foo.woff will still fetch it. 

>> From: "Anne van Kesteren" <>
>> Date: Tue, 01 Mar 2011 08:35:33 +0100
>> To: "WebApps WG" <>

>> More generally, having a way to prevent cross-origin embedding of
>> resources can be useful. In addition to license enforcement it can help
>> with:

 Chris Lilley   Technical Director, Interaction Domain                 
 W3C Graphics Activity Lead, Fonts Activity Lead
 Co-Chair, W3C Hypertext CG
 Member, CSS, WebFonts, SVG Working Groups

Received on Wednesday, 2 March 2011 03:53:07 UTC