[css3-fonts] first pass on updating the font fetch wording

John Daggett · John Daggett · commit 8ebc14bc5d5d · 2013-08-16T17:29:52.000+09:00
diff --git a/css-fonts/Fonts.html b/css-fonts/Fonts.html
@@ -322,15 +322,8 @@ <h2 class="no-num no-toc" id=contents>Table of contents</h2>
      <li><a href="#font-face-loading"><span class=secno>4.8 </span>Font
       loading guidelines</a>
 
-     <li><a href="#same-origin-restriction"><span class=secno>4.9
-      </span>Same-origin restriction for fonts</a>
-      <ul class=toc>
-       <li><a href="#default-same-origin-restriction"><span class=secno>4.9.1
-        </span>Default same-origin restriction</a>
-
-       <li><a href="#allowing-cross-origin-font-loading"><span
-        class=secno>4.9.2 </span>Allowing cross-origin font loading</a>
-      </ul>
+     <li><a href="#font-fetching-requirements"><span class=secno>4.9
+      </span>Font fetching requirements</a>
     </ul>
 
    <li><a href="#font-matching-algorithm"><span class=secno>5 </span>Font
@@ -3021,56 +3014,16 @@ <h3 id=font-face-loading><span class=secno>4.8 </span>Font loading
    that closely match the metrics of the downloadable fonts to avoid large
    page reflows where possible.
 
-  <h3 id=same-origin-restriction><span class=secno>4.9 </span>Same-origin
-   restriction for fonts</h3>
+  <p><a id=same-origin-restriction> </a><a
+   id=allowing-cross-origin-font-loading> </a>
 
-  <h4 id=default-same-origin-restriction><span class=secno>4.9.1
-   </span>Default same-origin restriction</h4>
+  <h3 id=font-fetching-requirements><span class=secno>4.9 </span>Font
+   fetching requirements</h3>
   <!-- TPAC 2011 Resolution to require same-origin restriction for loading fonts:
   http://lists.w3.org/Archives/Public/www-style/2011Nov/0711.html
   http://www.w3.org/2011/10/31-webapps-minutes.html#item02
 -->
 
-  <p>User agents must implement a same-origin restriction when loading fonts
-   via the <a href="#at-font-face-rule"><code>@font-face</code></a>
-   mechanism. This restriction limits the loading of fonts for a given
-   document to fonts loaded from the same origin. Fonts can only be loaded
-   via the same host, port, and method combination as the containing
-   document, using the <a
-   href="http://www.w3.org/TR/html5/browsers.html#origin">origin matching
-   algorithm</a> described in the <a href="#HTML5"
-   rel=biblioentry>[HTML5]<!--{{!HTML5}}--></a> specification. The origin of
-   the stylesheet containing <a
-   href="#at-font-face-rule"><code>@font-face</code></a> rules is not used
-   when deciding whether a font is same origin or not, only the origin of the
-   containing document is used. The restriction applies to all font types.
-
-  <p>Given a document located at http://example.com/page.html, fonts defined
-   with ‘<a href="#descdef-src"><code class=property>src</code></a>’
-   definitions considered cross origin must not be loaded:
-
-  <pre>
-/* same origin (i.e. domain, scheme, port match document) */
-src: url(fonts/simple.woff);
-src: url(//fonts/simple.woff);
-
-/* cross origin, different scheme */
-src: url(https://example.com/fonts/simple.woff);
-
-/* cross origin, different domain */
-src: url(http://another.example.com/fonts/simple.woff);
-</pre>
-
-  <h4 id=allowing-cross-origin-font-loading><span class=secno>4.9.2
-   </span>Allowing cross-origin font loading</h4>
-
-  <p>User agents must also implement the ability to relax this restriction
-   using cross-site origin controls <a href="#CORS"
-   rel=biblioentry>[CORS]<!--{{!CORS}}--></a> for fonts loaded via HTTP.
-   Sites can explicitly allow cross-site downloading of font data using the
-   <code>Access-Control-Allow-Origin</code> HTTP header. For other schemes,
-   no explicit relaxation mechanism is defined or required.
-
   <p>For font loads, user agents must use the <a
    href="http://www.w3.org/TR/html5/infrastructure.html#cors-enabled-fetch">potentially
    CORS-enabled fetch</a> method defined by the <a href="#HTML5"
@@ -3079,6 +3032,15 @@ <h4 id=allowing-cross-origin-font-loading><span class=secno>4.9.2
    "Anonymous" mode, set the referrer source to the stylesheet's URL and set
    the origin to the URL of the containing document.
 
+  <p class=note>The implications of this for authors are that fonts will
+   typically not be loaded cross-origin unless authors specifically takes
+   steps to permit cross-origin loads. Sites can explicitly allow cross-site
+   loading of font data using the <code>Access-Control-Allow-Origin</code>
+   HTTP header. For other schemes, no explicit mechanism to allow
+   cross-origin loading beyond what is permitted by the <a
+   href="http://www.w3.org/TR/html5/infrastructure.html#cors-enabled-fetch">potentially
+   CORS-enabled fetch</a> method is defined or required.
+
   <h2 id=font-matching-algorithm><span class=secno>5 </span>Font Matching
    Algorithm</h2>
 
