Bug 1894779: Allow loading fonts from resource:// URIs r=emilio,freddyb

Differential Revision: https://phabricator.services.mozilla.com/D209593
2024-05-23 13:46:30 +00:00 · 2024-05-23 13:46:30 +00:00 · e7fd7f8a7c
commit e7fd7f8a7c
parent 73949b0565
3 changed files with 37 additions and 2 deletions
--- a/caps/tests/mochitest/mochitest.toml
+++ b/caps/tests/mochitest/mochitest.toml
@ -24,3 +24,6 @@ skip-if = [
 ]

 ["test_disallowInheritPrincipal.html"]
+
+["test_loadLocalFont.html"]
+skip-if = ["os == 'android'"] # Font does not exist on Android
--- a/caps/tests/mochitest/test_loadLocalFont.html
+++ b/caps/tests/mochitest/test_loadLocalFont.html
@ -0,0 +1,27 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<script type="application/javascript">
+
+try {
+  let LocalFiraSans = new FontFace(
+    "LocalFiraSans",
+    "url('chrome://pocket/content/panels/fonts/FiraSans-Regular.woff') format('woff')"
+  ).load().then(() => {
+    ok(true, "We should suuceed");
+  }, () => {
+    ok(false, "We shouldn't fail (reject)");
+  });
+  console.log(LocalFiraSans); // avoid warning
+} catch (e) {
+  ok(false, "We shouldn't fail (catch)" + e);
+}
+
+</script>
+</pre>
+</body>
+</html>
--- a/layout/style/FontLoaderUtils.cpp
+++ b/layout/style/FontLoaderUtils.cpp
@ -30,13 +30,18 @@ namespace mozilla {
  // aCORSMode is ignored.  We always load as crossorigin=anonymous, but a
  // preload started with anything other then "anonymous" will never be found.
  aCorsMapping =
-      aURI->SchemeIs("file")
+      aURI->SchemeIs("file") || aURI->SchemeIs("resource") ||
+              aURI->SchemeIs("chrome")
          ? nsContentSecurityManager::CORSSecurityMapping::
                CORS_NONE_MAPS_TO_INHERITED_CONTEXT
          : nsContentSecurityManager::CORSSecurityMapping::REQUIRE_CORS_CHECKS;

+  // Besides the CORS flags, include SEC_ALLOW_CHROME to allow a font to come
+  // from a resource:// or chrome:// URL (as long as it is marked
+  // contentaccessible)
  aSecurityFlags = nsContentSecurityManager::ComputeSecurityFlags(
-      CORSMode::CORS_NONE, aCorsMapping);
+                       CORSMode::CORS_NONE, aCorsMapping) |
+                   nsILoadInfo::SEC_ALLOW_CHROME;

  aContentPolicyType = aIsPreload ? nsIContentPolicy::TYPE_INTERNAL_FONT_PRELOAD
                                  : nsIContentPolicy::TYPE_FONT;