Bug 245827

Summary: FontFace load cancelled because Cross-Origin-Resource-Policy
Product: WebKit Reporter: 709922234
Component: CSSAssignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: annevk, ap, cdumez, mmaxfield, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 86817    
Bug Blocks:    

709922234
Reported 2022-09-29 05:05:00 PDT
Added response headers in order to use `SharedArrayBuffer`: Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin FontFace load cancelled: Failed to load resource: Cancelled load to https://fonts.cdnfonts.com/s/7553/COMMP___.woff because it violates the resource's Cross-Origin-Resource-Policy response header. FontFace should not apply CORP
Attachments
Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2022-09-29 09:05:16 PDT
FWIW, this font resource has `access-control-allow-origin: *`, and no cross-origin policy header fields.
Anne van Kesteren
Comment 2 2022-09-29 09:14:34 PDT
It's fallout from bug 86817 as we don't use CORS to fetch fonts.
Radar WebKit Bug Importer
Comment 3 2022-10-06 05:05:18 PDT
<rdar://problem/100848615>
Note You need to log in before you can comment on or make changes to this bug.