ari
commented
7 years ago CORS is only useful when you want to restrict the domains which can access certain resources. Google doesn't add any such restrictions to their fonts.
Closed robert-scheck closed 7 years ago
ari
commented
7 years ago CORS is only useful when you want to restrict the domains which can access certain resources. Google doesn't add any such restrictions to their fonts.
Do you see chances to implement subresource integrity (https://wiki.mozilla.org/Security/Guidelines/Web_Security#Subresource_Integrity), given you are loading resources from foreign CDNs such as fonts via CSS?