[Webkit-unassigned] [Bug 86817] Downloadable font loads should be subject to CORS

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Feb 11 11:39:20 PST 2016


Bram Stein <stein at adobe.com> changed:

           What    |Removed                     |Added
                 CC|                            |stein at adobe.com

--- Comment #7 from Bram Stein <stein at adobe.com> ---
It would be great if Safari/WebKit starts enforcing the same-origin policy for web fonts. At Adobe Typekit we're currently using referrer header matching to prevent accidental misuse of the fonts we serve to our customers. This is rather heavy handed and doesn't work in some of the use-cases we would like to support (dynamically created iframes, browsers in privacy mode, etc). We would very much like to start using CORS headers on our web fonts instead.

Based on our research (http://stateofwebtype.com/#CORS) Safari is the only major browser that does not enforce the same-origin policy for web fonts. We would appreciate it very much if Safari/WebKit could reconsider their position on this issue.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160211/502aba7c/attachment-0001.html>

More information about the webkit-unassigned mailing list