i am preloading fonts (as well as specifying them in CSS). the first time that the application loads, safari makes a preload request, sending the correct CORS headers (origin header), and amazon S3 responds with the correct CORS headers. the request gets fulfilled and safari caches the response

I also see another request from css font face, which is without the Origin header. S3 responds with the file without the correct CORS headers in this case (doesn't send access-control-allow-origin).

Safari now caches the response of this CSS font face request which does not have the Cors headers, and when I refresh the app, it tries to reuse that from cache in the preload request.

There are multiple issues here, all of which might not be valid:
- why is safari making another request from css for the font if it has already been preloaded?
- why is safari making the request from css without the Origin header?
- why is safari using the cached response from the css font face in the preload request (this is probably because of no vary header on the response, and same etag)
- if used without preload and only in css font face, the font request does not show up in the network pane after it gets cached the first time. even if it is cached, I would expect it show up in the network calls

This works fine on chrome / firefox

while I try to figure out the other issues, I would just like to raise the issue with font face not treating the font request as cross origin, although it should ?