[Webkit-unassigned] [Bug 230492] New: css font face rule is not sending a CORS request for fonts

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Sep 20 11:41:12 PDT 2021 

https://bugs.webkit.org/show_bug.cgi?id=230492

            Bug ID: 230492
           Summary: css font face rule is not sending a CORS request for
                    fonts
           Product: WebKit
           Version: Safari 14
          Hardware: Mac (Intel)
                OS: macOS 11
            Status: NEW
          Severity: Minor
          Priority: P2
         Component: CSS
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: gaurav5430 at gmail.com

i am preloading fonts (as well as specifying them in CSS). the first time that the application loads, safari makes a preload request, sending the correct CORS headers (origin header), and amazon S3 responds with the correct CORS headers. the request gets fulfilled and safari caches the response

I also see another request from css font face, which is without the Origin header. S3 responds with the file without the correct CORS headers in this case (doesn't send access-control-allow-origin).

Safari now caches the response of this CSS font face request which does not have the Cors headers, and when I refresh the app, it tries to reuse that from cache in the preload request.

There are multiple issues here, all of which might not be valid:
- why is safari making another request from css for the font if it has already been preloaded?
- why is safari making the request from css without the Origin header?
- why is safari using the cached response from the css font face in the preload request (this is probably because of no vary header on the response, and same etag)
- if used without preload and only in css font face, the font request does not show up in the network pane after it gets cached the first time. even if it is cached, I would expect it show up in the network calls

This works fine on chrome / firefox

while I try to figure out the other issues, I would just like to raise the issue with font face not treating the font request as cross origin, although it should ?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210920/768eaedc/attachment.htm>

More information about the webkit-unassigned mailing list