Closed robert-scheck closed 7 years ago
Do you see chances to implement subresource integrity (https://wiki.mozilla.org/Security/Guidelines/Web_Security#Subresource_Integrity), given you are loading resources from foreign CDNs such as fonts via CSS?
CORS is only useful when you want to restrict the domains which can access certain resources. Google doesn't add any such restrictions to their fonts.
Do you see chances to implement subresource integrity (https://wiki.mozilla.org/Security/Guidelines/Web_Security#Subresource_Integrity), given you are loading resources from foreign CDNs such as fonts via CSS?