Closed
Bug 1192422
Opened 9 years ago
Closed 9 years ago
Firefox 39.0.3 breaks CORS
Categories
(Core :: Security, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: clemensgru, Unassigned)
Details
(Keywords: regression)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.130 Safari/537.36 Steps to reproduce: Updated to Firefox 39.0.3 on OSX and tried to visit a website which is using Google Fonts. The security bugfix in 39.0.3 which was also related to CORS according to the release notes, might have caused this side-effect/bug. Actual results: The fonts were not displayed correctly, in the log I found: downloadable font: download failed (font-family: "Cinzel" style:normal weight:normal stretch:normal src index:1): bad URI or cross-site access not allowed source: http://fonts.gstatic.com/s/cinzel/v4/i2BwM1Eq2JyiNOY_VrkubOvvDin1pK8aKteLpeZ5c0A.woff2 It downloads fine in Safari and in Google Chrome. Expected results: Should have downloaded the font as the "Access-Control-Allow-Origin:*" response header is set, and used it.
Reporter | ||
Updated•9 years ago
|
Severity: normal → critical
Component: Untriaged → Security
OS: Unspecified → Mac OS X
Hardware: Unspecified → x86_64
Comment 1•9 years ago
|
||
Do you have an example URL that shows the error ?
Reporter | ||
Comment 2•9 years ago
|
||
Please have a look at my description, there is an example URL from Google Fonts. Works fine everywhere except Firefox 39.0.3 curl -v http://fonts.gstatic.com/s/cinzel/v4/i2BwM1Eq2JyiNOY_VrkubOvvDin1pK8aKteLpeZ5c0A.woff2 > /dev/null shows "Access-Control-Allow-Origin: *" Firefox 39.0.3 shows a connection error and the "bad URI or cross-site access not allowed.." message in the console log.
Flags: needinfo?(clemensgru)
Comment 3•9 years ago
|
||
>Please have a look at my description, there is an example URL from Google Font
There is a URL with a link to a google font but we always want a test URL in a bug report that shows the bug directly and in this case a URL or attached html file that embeds the font.
Reporter | ||
Comment 4•9 years ago
|
||
Interesting, today, the bug does not occur anymore. Then I assume it was not a Firefox problem but a Google Fonts bug, because they deliver different fonts for each browser. Probably the one they delivered for Firefox was incorrect. Thanks anyway, this problem is resolved now.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•