Web icons such as Font Awesome not showing up only in Firefox. How can I resolve this?
I work with HTML website themes daily. I use the Firefox browser for all of my design work and I have recently noticed that Firefox does not show web icons such as Font Awesome or any other web icons. The web icons are properly coded into the theme and they show up fine in all other browsers (Chrome, Edge, Explorer, Safari).
I did some research on it and I did find this: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS but I don't know if that has anything at all to do with it or not.
If the problem is due to Cross-Origin Resource Sharing (CORS) then how would I fix that issue as the fonts are being served directly from the theme files?
Thank you
Chosen solution
Hi paul20, is the problem when you open the page locally from disk, using a file:// URL?
Firefox 68 contains a security patch which restricts the kinds of files that pages can load (and methods of loading) when you open them from a file:// URL. This change was made to prevent exfiltration of valuable data within reach of a local page, as demonstrated in an available exploit. More info: https://developer.mozilla.org/docs/Web/HTTP/CORS/Errors/CORSRequestNotHttp
I filed a bug yesterday proposing that fonts be allowed, but it will take time to implement. For now, you can roll back the patch as follows:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.
(2) In the search box above the list, type or paste uniq and pause while the list is filtered
(3) Double-click the privacy.file_unique_origin preference to switch the value from true to false
To mitigate the vulnerability: If you save pages from untrusted sites in a separate folder, e.g., Downloads\Untrusted, then it would be difficult for an attacker to find any valuable content using local file links.
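An alternative to switching privacy.file_unique_origin off, as an added example that is not part of the original thread: serve the theme folder over http:// on the loopback interface, so the page and its font files share one origin and the Firefox 68 file:// restriction stays enabled. The folder layout, file names and helper names (serve_theme, fetch, demo) are constructed for illustration.

```python
import functools
import http.server
import tempfile
import threading
import urllib.request
from pathlib import Path


class ThemeHandler(http.server.SimpleHTTPRequestHandler):
    # Give web-font files a font MIME type regardless of the Python version.
    extensions_map = {
        **http.server.SimpleHTTPRequestHandler.extensions_map,
        ".woff": "font/woff",
        ".woff2": "font/woff2",
        ".ttf": "font/ttf",
    }

    def log_message(self, fmt, *args):
        pass  # keep the console quiet


def serve_theme(theme_dir, port=0):
    """Serve theme_dir on 127.0.0.1 only (not reachable from the network)."""
    handler = functools.partial(ThemeHandler, directory=str(theme_dir))
    server = http.server.ThreadingHTTPServer(("127.0.0.1", port), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}/"


def fetch(url):
    """Return (status, content type) for url, bypassing any configured proxy."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(url, timeout=5) as resp:
        return resp.status, resp.headers.get_content_type()


def demo():
    """Build a constructed theme folder, serve it, and fetch page and font."""
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp)
        (theme / "fonts").mkdir()
        (theme / "fonts" / "icons.woff2").write_bytes(b"constructed placeholder")
        (theme / "index.html").write_text("<link rel=stylesheet href=theme.css>")
        server, base = serve_theme(theme)
        try:
            return fetch(base + "index.html"), fetch(base + "fonts/icons.woff2")
        finally:
            server.shutdown()
            server.server_close()
```

To use it on a real theme, call serve_theme() with the theme folder and a fixed port, keep the process running, and open the returned URL in Firefox instead of the file:// path.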
WOW! Thanks for the fast reply. I really appreciate the info.
How long do you think it will take for them to review the icon issue working for locally viewed files? I may just wait for the update.
Thanks again. Paul
paul20 said
How long do you think it will take for them to review the icon issue working for locally viewed files? I may just wait for the update.
At least a couple of weeks, possibly a couple of months. It depends on how tricky it is, whether they will take a patch early in the usual alpha-beta-release cycle.
See also:
- Bug 1566172 - Compare file:// behavior of all places that use same-origin-only or cors-only loads to other browsers
(please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html)