[webkit-dev] Should we restrict Web Fonts to same-origin by default?

Darin Fisher darin at chromium.org
Tue Jun 23 20:47:56 PDT 2009

On Mon, Jun 22, 2009 at 1:26 PM, Ojan Vafai <ojan at chromium.org> wrote:

> On Mon, Jun 22, 2009 at 12:45 PM, David Hyatt <hyatt at apple.com> wrote:
>> On Jun 22, 2009, at 2:38 PM, Maciej Stachowiak wrote:
>>> Mozilla restricts downloaded fonts to same-origin by default, with the
>>> ability for the hosting site to open up access via Access-Control (aka
>>> CORS). Apparently this step has the potential to make font foundries more
>>> comfortable about using straight up OpenType fonts on the Web, without
>>> introducing DRM. Should we follow Mozilla's lead on this?
>> I see no reason to do this.
> I also see harm from doing this. There are many sites (e.g. Google Docs)
> that serve static content of a different, cookie-less domain for performance
> reasons. They would be unable to do this for Web Fonts with this
> restriction.
> This is an increasingly common practice as tools like
> http://code.google.com/speed/page-speed/ become more ubiquitous.
> Ojan

Wouldn't Access-Control still support serving the Web Fonts off of a
secondary domain?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20090623/81ff527c/attachment.html>

More information about the webkit-dev mailing list