Font redirection not allowed
Categories
(WebExtensions :: Untriaged, defect)
Tracking
(firefox86 affected, firefox87 affected, firefox88 affected)
People
(Reporter: info, Unassigned)
Details
Attachments
(10 files, 1 obsolete file)
39.23 KB,
image/png
|
Details | |
54.33 KB,
image/png
|
Details | |
36.29 KB,
image/png
|
Details | |
136.66 KB,
application/zip
|
Details | |
87.35 KB,
image/png
|
Details | |
100.85 KB,
image/png
|
Details | |
93.85 KB,
image/png
|
Details | |
92.45 KB,
image/png
|
Details | |
71.12 KB,
image/png
|
Details | |
296.96 KB,
application/x-zip-compressed
|
Details |
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0
Steps to reproduce:
Hi all,
I wrote an extension which redirects a request of a website to a font to the local "web_accessible_resources" folder. Unfortunately this redirection fails.
So I don't know if redirects are only allowed for JavaScript and CSS files or maybe it's a bug with fonts. I don't know since when the problem exists (if it's one at all), because it's the first time I want to use this type of redirection.
I've attached a small demo extension. In the ZIP file is also a HTML file that has a style tag in the head section. You can reproduce this if you upload the HTML file on a webserver or use XAMPP. Opening the file with Firefox (file:///) doesn't work.
Comment 1•3 years ago
|
||
Hello,
I’m from QA and I’m attempting to reproduce and confirm the issue you are having, but, however I do have some requests regarding this:
- Could you provide some more detailed steps to reproduce as I’m not sure I’m performing the correct actions.
- Please state what the actual and expected results of this issue should be. Preferably also attach some screenshots or a screen recording of the issue.
From my understanding of the issue, I did the following on my end. Please see below:
- I started a http server from the unpacked folder (demo.zip) you provided and accessed it (see screenshot-1)
- I loaded the extension into the browser via about:debugging
- I clicked on the
example-website.html
link and the page loaded (see screenshot-2)
NOTE 1: The kanji symbol is displayed and the console also shows that the request towards “http://fonts.gstatic.com/s/materialiconsextended/v87/kJEjBvgX7BgnkSrUwT8UnLVc38YydejYY-oE_LvJ.woff2” is done and the font is downloaded.
- I loaded the
example-website.html
page directly into the browser by drag and drop. The page loads but the previous kanji is no longer displayed, but a “translate” string is shown instead. The console shows that the download of the font failed (see screenshot-3).
NOTE 2: Throughout the whole time I was performing the above actions, with the test extension installed, I did not see any logs from the extension in the console.
Checked this on Windows 10 x64 on the latest Release (86.0.1/20210310152336) and Nightly (88.0a1/20210314213752).
Comment 2•3 years ago
|
||
Comment 3•3 years ago
|
||
Comment 4•3 years ago
|
||
Reporter | ||
Comment 10•3 years ago
|
||
Reporter | ||
Comment 11•3 years ago
|
||
Thank you for your reply. I'll try to explain it a little better. I have updated the demo extension a little bit. (demo2.zip
)
There are two ways to inject fonts from extension directory by redirection. I call them here direct (*.woff/*.woff2
) and indirect (using CSS files).
In the indirect method, the extension forwards a request to https://fonts.googleapis.com/css?family=Material+Icons+Extended
to moz-extension://[UUID]/resources/MaterialIconsExtended.css
.
The CSS file then loads the font (relative path ./MaterialIconsExtended.woff2
) from moz-extension://UUID/resources/MaterialIconsExtended.woff2
.
This works without problems. You can see in Screenshot-4 and Screenshot-5 that the CSS file request was successfully redirected to moz-extension://[UUID]/resources/MaterialIconsExtended.css
. No error messages in the console or in the network tab.
With the direct method I would like to redirect a WOFF2
request instead of a CSS
request:
From https://fonts.gstatic.com/s/materialiconsextended/v87/kJEjBvgX7BgnkSrUwT8UnLVc38YydejYY-oE_LvJ.woff2
to moz-extension://[UUID]/resources/MaterialIconsExtended.woff2
Screenshot-6 and Screenshot-7:
The WOFF2 file request was not redirected to moz-extension://[UUID]/resources/MaterialIconsExtended.css
Console:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at moz-extension://bd8bc96f-67d8-4186-97e5-6197ccf6703a/resources/MaterialIconsExtended.woff2. (Reason: CORS request not http).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://fonts.gstatic.com/s/materialiconsextended/v87/kJEjBvgX7BgnkSrUwT8UnLVc38YydejYY-oE_LvJ.woff2. (Reason: CORS request did not succeed).
downloadable font: download failed (font-family: "Material Icons Extended" style:normal weight:400 stretch:100 src index:0): bad URI or cross-site access not allowed source: https://fonts.gstatic.com/s/materialiconsextended/v87/kJEjBvgX7BgnkSrUwT8UnLVc38YydejYY-oE_LvJ.woff2
Network-Tab:
NS_ERROR_DOM_BAD_URI
Screenshot-8:
However, if I call the URL to the font https://fonts.gstatic.com/s/materialiconsextended/v87/kJEjBvgX7BgnkSrUwT8UnLVc38YydejYY-oE_LvJ.woff2
directly, I am correctly redirected to local.
Comment 12•3 years ago
|
||
Hello,
Thank you for the additional info and resources ! They were helpful in understanding and reproducing the issue.
As such, I reproduced the issue on the latest Nightly (88.0a1/20210315214853), Beta (87.0/20210315170302) and Release (86.0.1/20210310152336) under Windows 10 x64.
The results I’ve obtained are the same as in the provided screenshots. I’ll attach them as well, as an archive, for reference.
Comment 13•3 years ago
|
||
Reporter | ||
Comment 14•3 years ago
|
||
From my point of view it's good if the error is reproducible :D
Thank you, too.
Comment 15•3 years ago
|
||
Your test cases are not comparable.
In your "indirect" example, you're redirecting a remote CSS file to a moz-extension:
-stylesheet within your extension that references a moz-extension:
-font within your extension. The initial redirect succeeds, and the font is same-origin relative to the extension. That works.
In your "direct" example, a web page is loading a remote font in cross-origin mode (by the Font fetching requirements, read access to the font response must be permitted by CORS). The extension redirects the resource to a moz-extension:
-URL, but that request is blocked because moz-extension:
-URLs aren't http(s), and that's not supported by the implementation in Firefox ((Reason: CORS request not http).
).
So this bug is another example of bug 1694679 ; here is a more succinct way to reproduce the bug without the special circumstances of fonts: https://bugzilla.mozilla.org/show_bug.cgi?id=1694679#c1
Description
•