Font Awesome doesn’t load when Referer is disabled

RESOLVED DUPLICATE of bug 875110

Status

Mozilla Developer Network
General
RESOLVED DUPLICATE of bug 875110
3 years ago
3 years ago

People

(Reporter: Charmander, Unassigned)

Tracking

Details

(Whiteboard: [specification][type:bug])

(Reporter)

Description

3 years ago
What did you do?
================
1. Disable the Referer header.
2. View any MDN page.

What happened?
==============
The icons provided by Font Awesome are instead displayed in the default font. https://developer.cdn.mozilla.net/media/css/libs/font-awesome/fonts/fontawesome-webfont.woff?v=4.1.0 without a Referer results in a 403.

What should have happened?
==========================
The font should load fine.

Is there anything else we should know?
======================================
(Reporter)

Updated

3 years ago
OS: Other → All
This might be a duplicate of Bug 875110 but someone who understands referrers better than I do should check.
It's definitely the same issue as 875110. Using cURL or blocking referrers results in a 403 response for the woff request. With a suitable referer, the CORS header is set to 'Access-Control-Allow-Origin: *' and the file is downloaded.

Without, requests fail when no referer is sent:

curl -I 'https://developer.cdn.mozilla.net/media/css/libs/font-awesome/fonts/fontawesome-webfont.woff?v=4.1.0'

One that succeeds:

curl -I -H 'Referer: https://developer.cdn.mozilla.net' 'https://developer.cdn.mozilla.net/media/css/libs/font-awesome/fonts/fontawesome-webfont.woff?v=4.1.0'

Any https://*.mozilla.{com,org,net} referer works. I'm guessing that the CDN is setup to only allow requests with a referer to prevent serving up assets for external sites.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 875110
You need to log in before you can comment on or make changes to this bug.