Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Learn More

web icons such as font awesome not showing up only in firefox. How can I resolve this?

  • 4 trả lời
  • 1 gặp vấn đề này
  • 2777 lượt xem
  • Trả lời mới nhất được viết bởi cor-el

more options

I work with HTML website themes daily. I use the firefox browser for all of my design work and I have recently noticed that firefox does not show web icons such as font awesome or any other web icons. The web icons are properly coded into the theme and they show up fine in all other browsers (chrome, edge, explorer, safari).

I did some research on it and I did find this: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS but I don't know if that has anything at all to do with it or not.

If the problem is due to Cross-Origin Resource Sharing (CORS) then how would I fix that issue as the fonts are being served directly from the theme files?

Thank you

Đính kèm ảnh chụp màn hình

Giải pháp được chọn

Hi paul20, is the problem when you open the page locally from disk, using a file:// URL?

Firefox 68 contains a security patch which restricts the kinds of files that pages can load (and methods of loading) when you open them from a file:// URL. This change was made to prevent exfiltration of valuable data within reach of a local page, as demonstrated in an available exploit. More info: https://developer.mozilla.org/docs/Web/HTTP/CORS/Errors/CORSRequestNotHttp

I filed a bug yesterday proposing that fonts be allowed, but it will take time to implement. For now, you can roll back the patch as follows:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste uniq and pause while the list is filtered

(3) Double-click the privacy.file_unique_origin preference to switch the value from true to false

To mitigate the vulnerability: If you save pages from untrusted sites in a separate folder, e.g., Downloads\Untrusted, then it would be difficult for an attacker to find any valuable content using local file links.

Đọc câu trả lời này trong ngữ cảnh 👍 0

Tất cả các câu trả lời (4)

more options

Giải pháp được chọn

Hi paul20, is the problem when you open the page locally from disk, using a file:// URL?

Firefox 68 contains a security patch which restricts the kinds of files that pages can load (and methods of loading) when you open them from a file:// URL. This change was made to prevent exfiltration of valuable data within reach of a local page, as demonstrated in an available exploit. More info: https://developer.mozilla.org/docs/Web/HTTP/CORS/Errors/CORSRequestNotHttp

I filed a bug yesterday proposing that fonts be allowed, but it will take time to implement. For now, you can roll back the patch as follows:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste uniq and pause while the list is filtered

(3) Double-click the privacy.file_unique_origin preference to switch the value from true to false

To mitigate the vulnerability: If you save pages from untrusted sites in a separate folder, e.g., Downloads\Untrusted, then it would be difficult for an attacker to find any valuable content using local file links.

more options

WOW! thanks for the fast reply. I really appreciate info.

How long do you think it will take for them to review the icon issue working for locally view files? I may just wait for the update.

Thanks again. Paul

more options

paul20 said

How long do you think it will take for them to review the icon issue working for locally view files? I may just wait for the update.

At least a couple of weeks, possibly a couple of months. It depends on how tricky it is, whether they will take a patch early in the usual alpha-beta-release cycle.

more options

See also:

  • Bug 1566172 - Compare file:// behavior of all places that use same-origin-only or cors-only loads to other browsers

(please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html
)