Firefox 39.0.3 breaks CORS




3 years ago
3 years ago


(Reporter: clemensgru, Unassigned)



39 Branch
Mac OS X

Firefox Tracking Flags

(Not tracked)




3 years ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.130 Safari/537.36

Steps to reproduce:

Updated to Firefox 39.0.3 on OSX and tried to visit a website which is using Google Fonts.

The security bugfix in 39.0.3 which was also related to CORS according to the release notes, might have caused this side-effect/bug.

Actual results:

The fonts were not displayed correctly, in the log I found: downloadable font: download failed (font-family: "Cinzel" style:normal weight:normal stretch:normal src index:1): bad URI or cross-site access not allowed source:

It downloads fine in Safari and in Google Chrome.

Expected results:

Should have downloaded the font as the "Access-Control-Allow-Origin:*" response header is set, and used it.


3 years ago
Severity: normal → critical
Component: Untriaged → Security
OS: Unspecified → Mac OS X
Hardware: Unspecified → x86_64
Do you have an example URL that shows the error ?
Severity: critical → normal
Component: Security → Security
Flags: needinfo?(clemensgru)
Keywords: regression
Product: Firefox → Core

Comment 2

3 years ago
Please have a look at my description, there is an example URL from Google Fonts. Works fine everywhere except Firefox 39.0.3

curl -v > /dev/null shows "Access-Control-Allow-Origin: *"

Firefox 39.0.3 shows a connection error and the "bad URI or cross-site access not allowed.." message in the console log.
Flags: needinfo?(clemensgru)
>Please have a look at my description, there is an example URL from Google Font
There is a URL with a link to a google font but we always want a test URL in a bug report that shows the bug directly and in this case a URL or attached html file that embeds the font.

Comment 4

3 years ago
Interesting, today, the bug does not occur anymore.

Then I assume it was not a Firefox problem but a Google Fonts bug, because they deliver different fonts for each browser. Probably the one they delivered for Firefox was incorrect.

Thanks anyway, this problem is resolved now.
Last Resolved: 3 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.