The Fetch Standard includes advice about a basic safe CORS protocol setup that enables others to reuse your public resources:

https://fetch.spec.whatwg.org/#basic-safe-cors-protocol-setup

However, apparently some set of font foundries require through a license agreement that their fonts are never distributed with this header. This in turn makes it harder for infrastructure (such as Apache, Ruby on Rails) to adopt this header as a default when they can ascertain they are not used for intranet purposes.

It seems problematic that a security measure (we use CORS for fonts because you can effectively steal a font from an intranet without it) can be abused in this way. Anything we can do about it?

--
https://annevankesteren.nl/

Received on Tuesday, 18 August 2015 11:03:48 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:57:12 UTC