- From: François REMY <fremycompany_pub@yahoo.fr>
- Date: Sat, 20 Jun 2009 21:47:32 +0200
- To: "Anne van Kesteren" <annevk@opera.com>, "Robert O'Callahan" <robert@ocallahan.org>
- Cc: "CSS 3 W3C Group" <www-style@w3.org>
From: "Anne van Kesteren" <annevk@opera.com> Sent: Saturday, June 20, 2009 1:55 PM To: <robert@ocallahan.org> Cc: "Brad Kemper" <brad.kemper@gmail.com>; "John Daggett" <jdaggett@mozilla.com>; <www-style@w3.org> Subject: Re: New work on fonts at W3C > On Sat, 20 Jun 2009 13:26:19 +0200, Robert O'Callahan > <robert@ocallahan.org> wrote: >> On Sat, Jun 20, 2009 at 10:29 PM, Anne van Kesteren >> <annevk@opera.com>wrote: >>> I'm not sure we should have cross-origin restrictions on font loading >>> though. Mozilla implemented this, but it seems really inconsistent with >>> similar APIs, e.g. <img> and <script> >> >> If we could have cross-origin restrictions on <img> and <script> without >> breaking the Web, we would. > > My point is that since we do not have cross-origin restrictions for all > those various other ways to load resources cross-origin (<link>, <script>, > <img>, <video>, <audio>, <form>, <svg:image>, 'content', > 'background-image', 'list-style-image', 'cursor', and probably more) it > does not make sense to impose such a restriction here. Fully agree. Except if the site provide a X-Allow-... header. If such an header is present, urls that don't match the criteria should not be allowed to acceed to the ressource. This simple principe could be applied on the whole web without having problem with old content, that doens't contains the header. It would be a similar system that what is already done with the XMLHttpRequest object, except that if no header is present, the ressource (font, image, video) can be used while whit XHR no header means no autorisation. What do you think of it ? > -- > Anne van Kesteren > http://annevankesteren.nl/ >
Received on Saturday, 20 June 2009 19:48:05 UTC