Bug 245827 - FontFace load cancelled because Cross-Origin-Resource-Policy
Summary: FontFace load cancelled because Cross-Origin-Resource-Policy
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on: 86817
Blocks:
  Show dependency treegraph
 
Reported: 2022-09-29 05:05 PDT by 709922234
Modified: 2022-10-06 05:05 PDT (History)
5 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description 709922234 2022-09-29 05:05:00 PDT 
Added response headers in order to use `SharedArrayBuffer`:

Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin

FontFace load cancelled:

Failed to load resource: Cancelled load to https://fonts.cdnfonts.com/s/7553/COMMP___.woff because it violates the resource's Cross-Origin-Resource-Policy response header.

FontFace should not apply CORP
Comment 1 Alexey Proskuryakov 2022-09-29 09:05:16 PDT 
FWIW, this font resource has `access-control-allow-origin: *`, and no cross-origin policy header fields.
Comment 2 Anne van Kesteren 2022-09-29 09:14:34 PDT 
It's fallout from bug 86817 as we don't use CORS to fetch fonts.
Comment 3 Radar WebKit Bug Importer 2022-10-06 05:05:18 PDT 
<rdar://problem/100848615>