Closed Bug 1122870 Opened 9 years ago Closed 9 years ago

Font Awesome doesn’t load when Referer is disabled

Categories

(developer.mozilla.org Graveyard :: General, defect)

Product:
developer.mozilla.org Graveyard
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 875110

People

(Reporter: charmander, Unassigned)

Details

(Whiteboard: [specification][type:bug]) 

What did you do?
================
1. Disable the Referer header.
2. View any MDN page.

What happened?
==============
The icons provided by Font Awesome are instead displayed in the default font. https://developer.cdn.mozilla.net/media/css/libs/font-awesome/fonts/fontawesome-webfont.woff?v=4.1.0 without a Referer results in a 403.

What should have happened?
==========================
The font should load fine.

Is there anything else we should know?
======================================
OS: Other → All
This might be a duplicate of Bug 875110 but someone who understands referrers better than I do should check.
It's definitely the same issue as 875110. Using cURL or blocking referrers results in a 403 response for the woff request. With a suitable referer, the CORS header is set to 'Access-Control-Allow-Origin: *' and the file is downloaded.

Without, requests fail when no referer is sent:

curl -I 'https://developer.cdn.mozilla.net/media/css/libs/font-awesome/fonts/fontawesome-webfont.woff?v=4.1.0'

One that succeeds:

curl -I -H 'Referer: https://developer.cdn.mozilla.net' 'https://developer.cdn.mozilla.net/media/css/libs/font-awesome/fonts/fontawesome-webfont.woff?v=4.1.0'

Any https://*.mozilla.{com,org,net} referer works. I'm guessing that the CDN is setup to only allow requests with a referer to prevent serving up assets for external sites.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.