Hi,
The WebFonts WG is looking for a way to prevent cross-origin embedding of
fonts as certain font vendors want to license their fonts with such a
restriction. Some people think CORS is appropriate for this, some don't.
Here is some background material:
http://weblogs.mozillazine.org/roc/archives/2011/02/distinguishing.html
http://annevankesteren.nl/2011/02/web-platform-consistency
http://lists.w3.org/Archives/Public/public-webfonts-wg/2011Feb/0066.html
More generally, having a way to prevent cross-origin embedding of
resources can be useful. In addition to license enforcement it can help
with:
* Bandwidth "theft"
* Clickjacking
* Privacy leakage
To that effect I wrote up a draft that complements CORS. Rather than
enabling sharing of resources, it allows for denying the sharing of
resources:
http://dvcs.w3.org/hg/from-origin/raw-file/tip/Overview.html
And although it might end up being part of the Content Security Policy
work, I think it would be useful if we publish a Working Draft of this work
to gather more input, committing us to nothing.
What do you think?
Kind regards,
--
Anne van Kesteren
http://annevankesteren.nl/