alt Hacker News"Pulling a font for a domain"—wtf, isn't the client making the request? Why detect anything, just require a referrer on your allow-list, and deny if it's not there.
"Pulling a font for a domain"—wtf, isn't the client making the request? Why detect anything, just require a referrer on your allow-list, and deny if it's not there.
An allow-list would probably suck for local development for users that do have a valid license.