Closed tolmasky closed 4 years ago
Hi @tolmasky , thank you for your questions!
Secure Contexts ensure that pages (and their ancestors) using powerful APIs are delivered and run over secure connections. This ensures that the API is only granted to authenticated origins.
By requiring a secure context for this API, the browser implementation will help to ensure that the user is interacting with only the intended origin for the web app and that their data is as secure as possible in transit.
I believe this issue has been addressed. The general discussion around security/privacy requirements is happening in https://github.com/inexorabletash/font-enumeration/issues/7. Closing, but feel free to follow-up here if something wasn't clear.
I was curious what the motivation was for restricting this feature to only Secure Contexts. If you are accessing local fonts then there shouldn't be any possibility of a man-in-the-middle attack right?