Earlier this week, the Web Fonts WG published a LCWD of "WOFF File
Format 1.0" and Chris Lilley suggested WebApps review this spec:
http://www.w3.org/TR/2010/WD-WOFF-20101116/
This LC has a normative reference to CORS and and a normative
requirement for the spec's UAs re CORS:
[[
http://www.w3.org/TR/2010/WD-WOFF-20101116/#Introduction
The primary purpose of the WOFF format is to package fonts linked to Web
documents by means of CSS @font-face rules. When using such fonts, user
agents MUST implement a 'same-origin restriction' on the downloading of
WOFF files using the same-origin matching algorithm described in the
HTML5 specification ([HTML5 Section 5.3: Origin]). The origin of the
stylesheet containing @font-face declarations is not used when deciding
whether a WOFF file is same-origin or not, only the origin of containing
document is used. User agents MUST also implement the ability to relax
this restriction using Cross-Origin Resource Sharing [CORS]. Thus, sites
can explicitly allow cross-site downloading of WOFF files using the
Access-Control-Allow-Origin HTTP header.
]]
If you have any comments, send them by December 14 to:
www-f...@w3.org
http://lists.w3.org/Archives/Public/www-font/
-Art Barstow
-------- Original Message --------
Subject: Status, WebFonts WG
Date: Fri, 19 Nov 2010 15:55:37 +0100
From: ext Chris Lilley <ch...@w3.org>
The WebFonts WG recently published a last call for the WOFF specification
http://www.w3.org/TR/2010/WD-WOFF-20101116
http://lists.w3.org/Archives/Member/chairs/2010OctDec/0045.html
http://lists.w3.org/Archives/Public/www-font/2010OctDec/0076.html