搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

Learn More

web icons such as font awesome not showing up only in firefox. How can I resolve this?

  • 4 回覆
  • 1 有這個問題
  • 2244 次檢視
  • 最近回覆由 cor-el

more options

I work with HTML website themes daily. I use the firefox browser for all of my design work and I have recently noticed that firefox does not show web icons such as font awesome or any other web icons. The web icons are properly coded into the theme and they show up fine in all other browsers (chrome, edge, explorer, safari).

I did some research on it and I did find this: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS but I don't know if that has anything at all to do with it or not.

If the problem is due to Cross-Origin Resource Sharing (CORS) then how would I fix that issue as the fonts are being served directly from the theme files?

Thank you

附加的畫面擷圖

被選擇的解決方法

Hi paul20, is the problem when you open the page locally from disk, using a file:// URL?

Firefox 68 contains a security patch which restricts the kinds of files that pages can load (and methods of loading) when you open them from a file:// URL. This change was made to prevent exfiltration of valuable data within reach of a local page, as demonstrated in an available exploit. More info: https://developer.mozilla.org/docs/Web/HTTP/CORS/Errors/CORSRequestNotHttp

I filed a bug yesterday proposing that fonts be allowed, but it will take time to implement. For now, you can roll back the patch as follows:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste uniq and pause while the list is filtered

(3) Double-click the privacy.file_unique_origin preference to switch the value from true to false

To mitigate the vulnerability: If you save pages from untrusted sites in a separate folder, e.g., Downloads\Untrusted, then it would be difficult for an attacker to find any valuable content using local file links.

從原來的回覆中察看解決方案 👍 0

所有回覆 (4)

more options

選擇的解決方法

Hi paul20, is the problem when you open the page locally from disk, using a file:// URL?

Firefox 68 contains a security patch which restricts the kinds of files that pages can load (and methods of loading) when you open them from a file:// URL. This change was made to prevent exfiltration of valuable data within reach of a local page, as demonstrated in an available exploit. More info: https://developer.mozilla.org/docs/Web/HTTP/CORS/Errors/CORSRequestNotHttp

I filed a bug yesterday proposing that fonts be allowed, but it will take time to implement. For now, you can roll back the patch as follows:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste uniq and pause while the list is filtered

(3) Double-click the privacy.file_unique_origin preference to switch the value from true to false

To mitigate the vulnerability: If you save pages from untrusted sites in a separate folder, e.g., Downloads\Untrusted, then it would be difficult for an attacker to find any valuable content using local file links.

more options

WOW! thanks for the fast reply. I really appreciate info.

How long do you think it will take for them to review the icon issue working for locally view files? I may just wait for the update.

Thanks again. Paul

more options

paul20 said

How long do you think it will take for them to review the icon issue working for locally view files? I may just wait for the update.

At least a couple of weeks, possibly a couple of months. It depends on how tricky it is, whether they will take a patch early in the usual alpha-beta-release cycle.

more options

See also:

  • Bug 1566172 - Compare file:// behavior of all places that use same-origin-only or cors-only loads to other browsers

(please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html
)