Why should font files comply with CORS rules but not images?

When requesting a cross-domain font file, you must ensure that the requesting domain is allowed to access the font file using CORS headers:

  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials

However, this is not required when requesting images, either for img elements or background-image.

Why do these file types have different security?

1 answer

I tried to find a good answer myself several months ago. I saw discussions about this and a kind of RFC, but none of the reasons convinced me.

I think this is one of the things that just needs to be accepted ;-)


Source: https://habr.com/ru/post/1234002/
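
As an added example (not part of the question or the answer above), here is one way a server could choose the two headers named in the question for font files, next to a simplified model of the check a browser applies to a cross-origin font response. The function names, the allowlist and all origins are hypothetical and constructed for illustration.

```javascript
// Added example; ALLOWED_ORIGINS, corsHeadersForFont and browserAcceptsFont
// are hypothetical names, and the origins are constructed sample values.
const FONT_EXT = /\.(woff2?|ttf|otf|eot)$/i;

// Sites that are permitted to embed fonts served from this host.
const ALLOWED_ORIGINS = new Set([
  "https://www.example.com",
  "https://blog.example.com",
]);

// Server side: decide which CORS headers to attach to a response.
function corsHeadersForFont(path, origin, { allowCredentials = false } = {}) {
  const headers = {};
  // Non-font resources (e.g. images for <img>) get no CORS headers here.
  if (!FONT_EXT.test(path)) return headers;
  // The response depends on the Origin header, so caches must key on it.
  headers["Vary"] = "Origin";
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return headers;
  // Echo the specific origin instead of "*": a wildcard is not accepted
  // by browsers on credentialed requests.
  headers["Access-Control-Allow-Origin"] = origin;
  if (allowCredentials) headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}

// Browser side (simplified model): may the page use the font response?
function browserAcceptsFont(pageOrigin, fontOrigin, headers, withCredentials = false) {
  if (pageOrigin === fontOrigin) return true; // same-origin: no CORS check
  const acao = headers["Access-Control-Allow-Origin"];
  if (withCredentials) {
    return acao === pageOrigin &&
      headers["Access-Control-Allow-Credentials"] === "true";
  }
  return acao === "*" || acao === pageOrigin;
}
```
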

