There are two incorrect use cases in
http://www.w3.org/TR/2009/WD-cors-20090317/
1) The draft says:
"The xml-stylesheet processing instruction does not allow cross-origin
loads to prevent data theft (e.g., from intranets)."
This is not true (even without a comma after "loads" :-) ). The Rec[1]
imposes no restrictions on the URLs of style sheets. Indeed, that would
be incompatible with the architecture of the Web[4], in which URLs are
opaque (i.e., you cannot infer any information about the relation
between two different URLs, even if they differ only by one bit).
2) The draft says:
"The CSS @font-face construct prohibits cross-origin loads."
That is also not true. Neither the Rec[2] nor the latest draft[3]
contain such a restriction. For the same reason as above.
[1] http://www.w3.org/1999/06/REC-xml-stylesheet-19990629/
[2] http://www.w3.org/TR/2008/REC-CSS2-20080411/
[3] http://www.w3.org/TR/2009/WD-css3-fonts-20090618/
[4] http://www.w3.org/TR/2004/REC-webarch-20041215/#uri-opacity
Bert
--
Bert Bos ( W 3 C ) http://www.w3.org/
http://www.w3.org/people/bos W3C/ERCIM
b...@w3.org 2004 Rt des Lucioles / BP 93
+33 (0)4 92 38 76 92 06902 Sophia Antipolis Cedex, France