I was experimenting with the fancy new OpenType font capability in Firefox 3.5 and I ran into a problem. I was trying to embed a font on a different domain than the page it would be used on, and it didn't work. I thought it may have been a bug, but from what I read on the MDC reference page, I noticed this note:

In Gecko, web fonts are subject to the same domain restriction (font files must be on the same domain as the page using them), unless HTTP access controls are used to relax this restriction.

It looks like they designed the browser that way on purpose. Out of curiosity, why would they do that? Is there any security risk with embedding a font? Or is it for legal trademark or copyright issues? Or something else?

A: 

Legal trademark and copyright issues sometimes restrict the usage based on domain when embedding fonts.

Edit: That's why you should always look at the tiny letters on the font license that you might buy. If you created it, then you have full ownership and no problems at all.

P.S: I am not a lawyer, but can confirm the case with several customers of mine.

jpabluz
+2  A: 

If you want to bypass it you could try adding this to your .htaccess:

`Header set Access-Control-Allow-Origin *`

To answer your question, it's probably related to the fact that since version 3.5 Firefox supports the cross-origin sharing standard.

Knu
I get the idea of the standard, and I know how to set the access control headers. I am asking why they decided to have these restrictions on fonts.
mikez302
"The CSS @font-face construct prohibits cross-origin loads. With the resource sharing policy someone could set up a Web service that sells font licenses to selected servers and handles caching and bandwidth usage for them." from the source
Knu
Note that this header has to be set on the site containing the fonts. I encountered this because my fonts were on static.example.com, but my site was www.example.com. In a similar case, it is better to specify the sites to allow access, just to prevent someone from hotlinking your fonts, like this: `Header set Access-Control-Allow-Origin: http://www.example.com`
Kip
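
The two header settings from the answer and comments above, shown side by side as an added example (not part of the original posts). It goes in the `.htaccess` of the host that serves the fonts and assumes mod_headers and mod_setenvif are enabled. The second origin `blog.example.com`, the variable name `FONT_ORIGIN` and the extension list are assumptions chosen for illustration.

```apache
# Added example for the font host (static.example.com in the comment above).

# Weak form: every response from this host, not only fonts, becomes readable
# cross-origin by any site, which also permits font hotlinking.
# Header set Access-Control-Allow-Origin *

# Scoped form: only font files carry the header, and only for listed origins.
<IfModule mod_headers.c>
  <FilesMatch "\.(ttf|otf|eot|woff)$">
    # Access-Control-Allow-Origin accepts a single origin or "*", so to allow
    # more than one site the request's Origin header is matched against an
    # anchored allow-list and the matched value is echoed back.
    # blog.example.com is a hypothetical second site.
    SetEnvIf Origin "^(https?://(www|blog)\.example\.com)$" FONT_ORIGIN=$1

    # Sent only when the Origin matched; other origins receive no CORS
    # header, so the browser refuses the cross-origin font load.
    Header set Access-Control-Allow-Origin "%{FONT_ORIGIN}e" env=FONT_ORIGIN

    # The response now depends on Origin; tell caches so a copy stored for
    # one origin is not served to another.
    Header merge Vary Origin
  </FilesMatch>
</IfModule>
```

The regular expression is anchored at both ends so that a host such as `www.example.com.other.test` does not match the allow-list.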