Bug 245827

Summary: FontFace load cancelled because Cross-Origin-Resource-Policy
Product: WebKit Reporter: 709922234
Component: CSSAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: annevk, ap, cdumez, mmaxfield, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 86817    
Bug Blocks:    

Description 709922234 2022-09-29 05:05:00 PDT 
Added response headers in order to use `SharedArrayBuffer`:

Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin

FontFace load cancelled:

Failed to load resource: Cancelled load to https://fonts.cdnfonts.com/s/7553/COMMP___.woff because it violates the resource's Cross-Origin-Resource-Policy response header.

FontFace should not apply CORP
Comment 1 Alexey Proskuryakov 2022-09-29 09:05:16 PDT 
FWIW, this font resource has `access-control-allow-origin: *`, and no cross-origin policy header fields.
Comment 2 Anne van Kesteren 2022-09-29 09:14:34 PDT 
It's fallout from bug 86817 as we don't use CORS to fetch fonts.
Comment 3 Radar WebKit Bug Importer 2022-10-06 05:05:18 PDT 
<rdar://problem/100848615>