On Sat, May 4, 2013 at 1:16 AM, Anne van Kesteren <[email protected]> wrote:
> On Fri, May 3, 2013 at 6:25 PM, Rik Cabanier <[email protected]> wrote: > > On Fri, May 3, 2013 at 2:23 AM, Anne van Kesteren <[email protected]> > wrote: > >> 1. That assumes tainted cross-origin as a fetching mode. > >> http://fetch.spec.whatwg.org/#concept-request-mode Whereas you assume > >> it uses CORS. > > > > What do you mean by 'you'? > > The link in Canvas from the WhatWG spec is to the above section > > What I'm saying is that the section you're referring to is written > from the perspective of using tainted cross-origin as mode for font > fetching. Which is incorrect per the CSS fonts specification as per > that specification fonts will always be CORS-same-origin with the > document. > > > > OK. So it seems that the canvas spec should NOT say that the font has to > be > > the same origin. > > It should refer to CSS portion that describes this fetching or be silent. > > It would not have to say anything. > Thanks. I logged https://www.w3.org/Bugs/Public/show_bug.cgi?id=21943
