Plugin Author
kontur
(@kontur)
Hey there!
There really is no absolutely feasible way to protect the web fonts, since they are sent to the browser for rendering. I can recommend using it the python library fonttools (and it’s pyftsubset terminal command) or fontsquirrel to make subsets of the font, that require only those characters you wish to include in the tester.
One feature that has been requested before and which I hope to add to the plugin at some point would be hiding the physical file paths. Note, however, that this still does not prevent someone from accessing the files — it just would make it a little more obfuscated.
You have to think of woff files like jpgs or pngs — you need to send them to the browser in order to render them; which also means that they can technically be downloaded to the computer.
I hope this helps explain the status quo 🙂
Hi kontur,
thank you for your answer – the feature that helps to hide the path sounds good, but as you said, it doesn’t really solve the issue.
I tried to use this plugin: https://preventdirectaccess.com/features/
Please take a look! It does exactly what I like, but it seems like it isn’t working with font sampler.
It seems like font sampler also can’t access the file, right? Could you provide a way that works?
In the “prevent direct access access” plugin you can generate private URLs, that actually have access – so it would be imaginable, that one could edit the path in font sampler and insert the private URL, right?
Unfortunately at the moment, I cannot edit the path, as it is generated when uploading the font to the media library…
Plugin Author
kontur
(@kontur)
Hey,
thanks, this looks like an interesting plugin, but we are talking about different things.
Since the Fontsampler preview works with actual webfont files, those files need to be sent to the browser to render the fonts. To come back to my analogy with images, just like you can right-click and save any image on any website, you can also (a bit less conveniently) download any webfont rendered in the browser.
If you would use a plugin like the above to restrict access to the webfont files, people could not view them in their browser either. Viewing the webfont is equal to downloading the webfont. This is the nature of woff webfonts, not a limitation of my Plugin, I am afraid 🙂
That said, a hiding of the file paths themselves might be a feature to add in the future, but that yields very little actual protection.
Plugin Author
kontur
(@kontur)
I’ve implemented an option to proxy the physical file paths in 0.4.5
which was just released. For now, that is the best that can be done 🙂