This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

web icons such as font awesome not showing up only in firefox. How can I resolve this?

  • 4 replies
  • 1 has this problem
  • 298 views
  • Last reply by cor-el

more options

I work with HTML website themes daily. I use the firefox browser for all of my design work and I have recently noticed that firefox does not show web icons such as font awesome or any other web icons. The web icons are properly coded into the theme and they show up fine in all other browsers (chrome, edge, explorer, safari).

I did some research on it and I did find this: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS but I don't know if that has anything at all to do with it or not.

If the problem is due to Cross-Origin Resource Sharing (CORS) then how would I fix that issue as the fonts are being served directly from the theme files?

Thank you

I work with HTML website themes daily. I use the firefox browser for all of my design work and I have recently noticed that firefox does not show web icons such as font awesome or any other web icons. The web icons are properly coded into the theme and they show up fine in all other browsers (chrome, edge, explorer, safari). I did some research on it and I did find this: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS but I don't know if that has anything at all to do with it or not. If the problem is due to Cross-Origin Resource Sharing (CORS) then how would I fix that issue as the fonts are being served directly from the theme files? Thank you
Attached screenshots

Chosen solution

Hi paul20, is the problem when you open the page locally from disk, using a file:// URL?

Firefox 68 contains a security patch which restricts the kinds of files that pages can load (and methods of loading) when you open them from a file:// URL. This change was made to prevent exfiltration of valuable data within reach of a local page, as demonstrated in an available exploit. More info: https://developer.mozilla.org/docs/Web/HTTP/CORS/Errors/CORSRequestNotHttp

I filed a bug yesterday proposing that fonts be allowed, but it will take time to implement. For now, you can roll back the patch as follows:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste uniq and pause while the list is filtered

(3) Double-click the privacy.file_unique_origin preference to switch the value from true to false

To mitigate the vulnerability: If you save pages from untrusted sites in a separate folder, e.g., Downloads\Untrusted, then it would be difficult for an attacker to find any valuable content using local file links.

Read this answer in context 👍 0

All Replies (4)

more options

Chosen Solution

Hi paul20, is the problem when you open the page locally from disk, using a file:// URL?

Firefox 68 contains a security patch which restricts the kinds of files that pages can load (and methods of loading) when you open them from a file:// URL. This change was made to prevent exfiltration of valuable data within reach of a local page, as demonstrated in an available exploit. More info: https://developer.mozilla.org/docs/Web/HTTP/CORS/Errors/CORSRequestNotHttp

I filed a bug yesterday proposing that fonts be allowed, but it will take time to implement. For now, you can roll back the patch as follows:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste uniq and pause while the list is filtered

(3) Double-click the privacy.file_unique_origin preference to switch the value from true to false

To mitigate the vulnerability: If you save pages from untrusted sites in a separate folder, e.g., Downloads\Untrusted, then it would be difficult for an attacker to find any valuable content using local file links.

more options

WOW! thanks for the fast reply. I really appreciate info.

How long do you think it will take for them to review the icon issue working for locally view files? I may just wait for the update.

Thanks again. Paul

more options

paul20 said

How long do you think it will take for them to review the icon issue working for locally view files? I may just wait for the update.

At least a couple of weeks, possibly a couple of months. It depends on how tricky it is, whether they will take a patch early in the usual alpha-beta-release cycle.

more options

See also:

  • Bug 1566172 - Compare file:// behavior of all places that use same-origin-only or cors-only loads to other browsers

(please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html
)