Closed Bug 1698288 Opened 3 years ago Closed 3 years ago

Font redirection not allowed

Categories

(WebExtensions :: Untriaged, defect)

Product:
WebExtensions
Component:
Untriaged
Type:
defect

Tracking

(firefox86 affected, firefox87 affected, firefox88 affected)

Status:
RESOLVED DUPLICATE of bug 1694679
Tracking Flags:
Tracking Status
firefox86 --- affected
firefox87 --- affected
firefox88 --- affected

People

(Reporter: info, Unassigned)

Details

Attachments

(10 files, 1 obsolete file)

Screenshot-1.png
39.23 KB, image/png
Details
Screenshot-2.png
54.33 KB, image/png
Details
Screenshot-3.png
36.29 KB, image/png
Details
demo2.zip
136.66 KB, application/zip
Details
Screenshot-4.png
87.35 KB, image/png
Details
Screenshot-5.png
100.85 KB, image/png
Details
Screenshot-6.png
93.85 KB, image/png
Details
Screenshot-7.png
92.45 KB, image/png
Details
Screenshot-8.png
71.12 KB, image/png
Details
Screenshots.zip
296.96 KB, application/x-zip-compressed
Details
Attached file demo.zip (obsolete) —

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0

Steps to reproduce:

Hi all,

I wrote an extension which redirects a request of a website to a font to the local "web_accessible_resources" folder. Unfortunately this redirection fails.

So I don't know if redirects are only allowed for JavaScript and CSS files or maybe it's a bug with fonts. I don't know since when the problem exists (if it's one at all), because it's the first time I want to use this type of redirection.

I've attached a small demo extension. In the ZIP file is also a HTML file that has a style tag in the head section. You can reproduce this if you upload the HTML file on a webserver or use XAMPP. Opening the file with Firefox (file:///) doesn't work.

Hello,

I’m from QA and I’m attempting to reproduce and confirm the issue you are having, but, however I do have some requests regarding this:

  1. Could you provide some more detailed steps to reproduce as I’m not sure I’m performing the correct actions.
  2. Please state what the actual and expected results of this issue should be. Preferably also attach some screenshots or a screen recording of the issue.

From my understanding of the issue, I did the following on my end. Please see below:

  1. I started a http server from the unpacked folder (demo.zip) you provided and accessed it (see screenshot-1)
  2. I loaded the extension into the browser via about:debugging
  3. I clicked on the example-website.html link and the page loaded (see screenshot-2)

NOTE 1: The kanji symbol is displayed and the console also shows that the request towards “http://fonts.gstatic.com/s/materialiconsextended/v87/kJEjBvgX7BgnkSrUwT8UnLVc38YydejYY-oE_LvJ.woff2” is done and the font is downloaded.

  1. I loaded the example-website.html page directly into the browser by drag and drop. The page loads but the previous kanji is no longer displayed, but a “translate” string is shown instead. The console shows that the download of the font failed (see screenshot-3).

NOTE 2: Throughout the whole time I was performing the above actions, with the test extension installed, I did not see any logs from the extension in the console.

Checked this on Windows 10 x64 on the latest Release (86.0.1/20210310152336) and Nightly (88.0a1/20210314213752).

Flags: needinfo?(info)
Attached image Screenshot-1.png
Attached image Screenshot-2.png
Attached image Screenshot-3.png
Attached file demo2.zip
Attachment #9208904 - Attachment is obsolete: true
Flags: needinfo?(info)
Attached image Screenshot-4.png
Attached image Screenshot-5.png
Attached image Screenshot-6.png
Attached image Screenshot-7.png
Attached image Screenshot-8.png

Thank you for your reply. I'll try to explain it a little better. I have updated the demo extension a little bit. (demo2.zip)

There are two ways to inject fonts from extension directory by redirection. I call them here direct (*.woff/*.woff2) and indirect (using CSS files).

In the indirect method, the extension forwards a request to https://fonts.googleapis.com/css?family=Material+Icons+Extended to moz-extension://[UUID]/resources/MaterialIconsExtended.css.

The CSS file then loads the font (relative path ./MaterialIconsExtended.woff2) from moz-extension://UUID/resources/MaterialIconsExtended.woff2.

This works without problems. You can see in Screenshot-4 and Screenshot-5 that the CSS file request was successfully redirected to moz-extension://[UUID]/resources/MaterialIconsExtended.css. No error messages in the console or in the network tab.

With the direct method I would like to redirect a WOFF2 request instead of a CSS request:
From https://fonts.gstatic.com/s/materialiconsextended/v87/kJEjBvgX7BgnkSrUwT8UnLVc38YydejYY-oE_LvJ.woff2 to moz-extension://[UUID]/resources/MaterialIconsExtended.woff2

Screenshot-6 and Screenshot-7:
The WOFF2 file request was not redirected to moz-extension://[UUID]/resources/MaterialIconsExtended.css

Console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at moz-extension://bd8bc96f-67d8-4186-97e5-6197ccf6703a/resources/MaterialIconsExtended.woff2. (Reason: CORS request not http).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://fonts.gstatic.com/s/materialiconsextended/v87/kJEjBvgX7BgnkSrUwT8UnLVc38YydejYY-oE_LvJ.woff2. (Reason: CORS request did not succeed).

downloadable font: download failed (font-family: "Material Icons Extended" style:normal weight:400 stretch:100 src index:0): bad URI or cross-site access not allowed source: https://fonts.gstatic.com/s/materialiconsextended/v87/kJEjBvgX7BgnkSrUwT8UnLVc38YydejYY-oE_LvJ.woff2

Network-Tab:
NS_ERROR_DOM_BAD_URI

Screenshot-8:
However, if I call the URL to the font https://fonts.gstatic.com/s/materialiconsextended/v87/kJEjBvgX7BgnkSrUwT8UnLVc38YydejYY-oE_LvJ.woff2 directly, I am correctly redirected to local.

Hello,

Thank you for the additional info and resources ! They were helpful in understanding and reproducing the issue.
As such, I reproduced the issue on the latest Nightly (88.0a1/20210315214853), Beta (87.0/20210315170302) and Release (86.0.1/20210310152336) under Windows 10 x64.

The results I’ve obtained are the same as in the provided screenshots. I’ll attach them as well, as an archive, for reference.

Status: UNCONFIRMED → NEW
status-firefox86: --- → affected
status-firefox87: --- → affected
status-firefox88: --- → affected
Ever confirmed: true
Attached file Screenshots.zip

From my point of view it's good if the error is reproducible :D
Thank you, too.

See Also: → 1694679

Your test cases are not comparable.

In your "indirect" example, you're redirecting a remote CSS file to a moz-extension:-stylesheet within your extension that references a moz-extension:-font within your extension. The initial redirect succeeds, and the font is same-origin relative to the extension. That works.

In your "direct" example, a web page is loading a remote font in cross-origin mode (by the Font fetching requirements, read access to the font response must be permitted by CORS). The extension redirects the resource to a moz-extension:-URL, but that request is blocked because moz-extension:-URLs aren't http(s), and that's not supported by the implementation in Firefox ((Reason: CORS request not http).).

So this bug is another example of bug 1694679 ; here is a more succinct way to reproduce the bug without the special circumstances of fonts: https://bugzilla.mozilla.org/show_bug.cgi?id=1694679#c1

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
See Also: 1694679
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: