Closed Bug 1568177 Opened 6 years ago Closed 6 years ago

Regression: CORS Same-origin policy blocks fonts when viewing local file

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Version:
68 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1565942

People

(Reporter: leon, Unassigned)

Details

Attachments

(1 file)

cors-blocked-fonts.zip
192.55 KB, application/x-zip-compressed
Details
Attached file cors-blocked-fonts.zip

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0

Steps to reproduce:

Create HTML file with some text. Style that text using a CSS @font-face pointing to a font in the same directory.

Please see the attached cors-blocked-fonts.zip file for an example (remember to extract the zip before viewing).

Opening the index.html file in Chrome and Firefox will show that Chrome is displaying the appropriate font however Firefox is not.

Opening the console in Firefox shows
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at file:///path-to-font/font-name.ttf. (Reason: CORS request not http).

Actual results:

The font is not applied to the text.

I suspect this is a regression caused by #1558299
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11730

Expected results:

The text should have the font style applied.

Component: Untriaged → DOM: Security
Product: Firefox → Core
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: