eliott/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird synced 2026-05-12 01:46:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

LibWeb/Fetch: Allow file:// pages to load fonts from file:// URLs

Browse Source 
Fonts require CORS mode per spec, but file:// origins are opaque in
our implementation, so the standard same-origin check in main_fetch
always fails for file-to-file font loads. This caused @font-face rules
referencing local .woff2 files to fail with a NetworkError.

Fix this by treating file:// font loads from file:// pages as
same-origin, routing them through scheme_fetch with basic response
tainting instead of rejecting them for not being HTTP(S).

This matches the behavior of Chromium, WebKit, and Firefox, all of
which allow local font loading from local pages.
This commit is contained in:
Andreas Kling
2026-03-13 21:18:25 -05:00
committed by Andreas Kling
parent d7c90639ae
commit f2976807da
Notes: github-actions[bot] 2026-03-15 03:22:51 +00:00 
Author: https://github.com/awesomekling
Commit: https://github.com/LadybirdBrowser/ladybird/commit/f2976807dab
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/8425
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
Libraries/LibWeb/Fetch/Fetching/Fetching.cpp
View File

@@ -460,8 +460,17 @@ GC::Ptr<PendingResponse> main_fetch(JS::Realm& realm, Infrastructure::FetchParam
// -> requests current URLs origin is same origin with requests origin, and requests response tainting is "basic"
// -> requests current URLs scheme is "data"
// -> requests mode is "navigate" or "websocket"
// AD-HOC: Treat file:// font loads from file:// pages as same-origin.
// Fonts require CORS mode per spec, but file:// origins are opaque in our implementation,
// so the standard same-origin check always fails. Other browsers (Chromium, WebKit, Firefox)
// all allow loading fonts from file:// URLs on file:// pages.
auto is_file_to_file_font_load = origin && origin->is_opaque_file_origin()
&& request->current_url().scheme() == "file"sv
&& request->destination() == Infrastructure::Request::Destination::Font;
if (
(origin && request->current_url().origin().is_same_origin(*origin) && request->response_tainting() == Infrastructure::Request::ResponseTainting::Basic)
|| is_file_to_file_font_load
|| request->current_url().scheme() == "data"sv
|| (request->mode() == Infrastructure::Request::Mode::Navigate || request->mode() == Infrastructure::Request::Mode::WebSocket)) {
// 1. Set requests response tainting to "basic".