Created attachment 464209 [details]
example HTML document

Issue encountered here: https://github.com/rust-lang/rust/issues/98769

The problematic preload link looks like this:

<link rel="preload" as="font" type="font/woff2" crossorigin href="SourceSerif4-Regular.ttf.woff2">

crossorigin is apparently needed for preloading fonts (https://developer.mozilla.org/en-US/docs/Web/HTML/Link_types/preload#cors-enabled_fetches).
The issue arises when the file to be loaded is on the local machine (file:/// URLs). This doesn't work in conjunction with crossorigin.
Dev console:

[Error] Origin null is not allowed by Access-Control-Allow-Origin. Status code: 0
[Error] Failed to load resource: Origin null is not allowed by Access-Control-Allow-Origin. Status code: 0 (SourceSerif4-Regular.ttf.woff2, line 0)

Failing to preload a local file isn't much of a problem, but attempting to fetch the font later (it's being pulled in from CSS) will then also fail. As a result, the preload link prevents the font from being loaded at all.

## Reproducing

Safari 16.2 (18614.3.7.1.5) / macOS 13.1 on x86-64

Example font: https://github.com/rust-lang/rust/raw/298d763fc0ac206cf3ae202459101e36a17071f7/src/librustdoc/html/static/fonts/SourceSerif4-Regular.ttf.woff2
Example HTML document is in the attachments
Put them both in the same folder and open the document.

serif font      --> success
sans-serif font --> failure

The same thing works fine in Firefox 108.0.1 for example